diff --git a/database-grants/terraform/README.md b/database-grants/terraform/README.md
index 313ab3f..bd1bd05 100644
--- a/database-grants/terraform/README.md
+++ b/database-grants/terraform/README.md
@@ -1,3 +1,8 @@
+# Prerequisites
+
+- Terraform 1.4.6 , please stick to this version for now, tested 1.6.x, it brings issue with the Dititalocean storage as backend
+
+
# How to set up terraform
Find your digitalocean spaces access key and secret key here: https://cloud.digitalocean.com/account/api/spaces?i=d79377
@@ -35,4 +40,8 @@ Apply:
terraform apply -var-file=dev.env.tfvars
```
+# Troubleshooting
+
+## Error: role or object does not exist
+When applying a new schema/grant, sometimes error reports xxx does not exist. But if you run it again, it works. Known issue [here](https://github.com/Greenstand/treetracker-infrastructure/issues/201)
diff --git a/database-grants/terraform/dev/main.tf b/database-grants/terraform/dev/main.tf
index de732df..5e55477 100644
--- a/database-grants/terraform/dev/main.tf
+++ b/database-grants/terraform/dev/main.tf
@@ -81,3 +81,11 @@ module "keycloak_schema" {
postgresql = postgresql.treetracker
}
}
+
+
+module "wallet_schema" {
+ source = "./schemas/wallet"
+ providers = {
+ postgresql = postgresql.treetracker
+ }
+}
diff --git a/database-grants/terraform/dev/other b/database-grants/terraform/dev/other
new file mode 120000
index 0000000..b492abe
--- /dev/null
+++ b/database-grants/terraform/dev/other
@@ -0,0 +1 @@
+../prod/other
\ No newline at end of file
diff --git a/database-grants/terraform/dev/schemas/wallet b/database-grants/terraform/dev/schemas/wallet
new file mode 120000
index 0000000..7918131
--- /dev/null
+++ b/database-grants/terraform/dev/schemas/wallet
@@ -0,0 +1 @@
+../../prod/schemas/wallet/
\ No newline at end of file
diff --git a/database-grants/terraform/prod/extra/main.tf b/database-grants/terraform/prod/extra/main.tf
new file mode 100644
index 0000000..3e575c0
--- /dev/null
+++ b/database-grants/terraform/prod/extra/main.tf
@@ -0,0 +1,128 @@
+resource "postgresql_grant" "wallet-operator-schema" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "wallet"
+ object_type = "schema"
+ privileges = ["USAGE", "CREATE"]
+}
+
+resource "postgresql_grant" "wallet-operator-table" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "wallet"
+ object_type = "table"
+ privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"]
+}
+
+resource "postgresql_grant" "wallet-operator-seq" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "wallet"
+ object_type = "sequence"
+ privileges = ["USAGE", "SELECT"]
+
+}
+
+resource "postgresql_grant" "wallet-operator-schema-public" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "public"
+ object_type = "schema"
+ privileges = ["USAGE", "CREATE"]
+}
+
+resource "postgresql_grant" "wallet-operator-table-public" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "public"
+ object_type = "table"
+ privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"]
+}
+
+
+resource "postgresql_grant" "wallet-operator-seq-public" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "public"
+ object_type = "sequence"
+ privileges = ["USAGE", "SELECT"]
+
+}
+
+
+resource "postgresql_grant" "wallet-operator-schema-herbarium" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "herbarium"
+ object_type = "schema"
+ privileges = ["USAGE", "CREATE"]
+}
+
+resource "postgresql_grant" "wallet-operator-table-herbarium" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "herbarium"
+ object_type = "table"
+ privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"]
+}
+
+
+resource "postgresql_grant" "wallet-operator-seq-herbarium" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "herbarium"
+ object_type = "sequence"
+ privileges = ["USAGE", "SELECT"]
+}
+
+
+resource "postgresql_grant" "wallet-operator-schema-stakeholder" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "stakeholder"
+ object_type = "schema"
+ privileges = ["USAGE", "CREATE"]
+}
+
+resource "postgresql_grant" "wallet-operator-table-stakeholder" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "stakeholder"
+ object_type = "table"
+ privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"]
+}
+
+
+resource "postgresql_grant" "wallet-operator-seq-stakeholder" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "stakeholder"
+ object_type = "sequence"
+ privileges = ["USAGE", "SELECT"]
+}
+
+
+resource "postgresql_grant" "wallet-operator-schema-treetracker" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "treetracker"
+ object_type = "schema"
+ privileges = ["USAGE", "CREATE"]
+}
+
+resource "postgresql_grant" "wallet-operator-table-treetracker" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "treetracker"
+ object_type = "table"
+ privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"]
+}
+
+
+resource "postgresql_grant" "wallet-operator-seq-treetracker" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "treetracker"
+ object_type = "sequence"
+ privileges = ["USAGE", "SELECT"]
+}
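Review bot: `wallet_operator` receives `CREATE` on the `public`, `herbarium`, `stakeholder` and `treetracker` schemas and full `INSERT`/`UPDATE`/`DELETE` on every table in them, which is far more than a wallet service role would normally need outside its own `wallet` schema. `CREATE` on `public` deserves the most care, since a role that can create objects there can shadow names that other sessions resolve through the default search path. If the role only reads the neighbouring schemas, the cross-schema grants could shrink to `privileges = ["USAGE"]` on the schema and `privileges = ["SELECT"]` on tables, with write access granted per table where it is actually required. A short header comment recording why this role needs each foreign schema would also help the next reviewer of this file.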
diff --git a/database-grants/terraform/prod/schemas/query/provider.tf b/database-grants/terraform/prod/extra/provider.tf
similarity index 100%
rename from database-grants/terraform/prod/schemas/query/provider.tf
rename to database-grants/terraform/prod/extra/provider.tf
diff --git a/database-grants/terraform/prod/main.tf b/database-grants/terraform/prod/main.tf
index de304f0..9a55a88 100644
--- a/database-grants/terraform/prod/main.tf
+++ b/database-grants/terraform/prod/main.tf
@@ -56,13 +56,6 @@ module "messaging_schema" {
}
}
-module "query_schema" {
- source = "./schemas/query"
- providers = {
- postgresql = postgresql.treetracker
- }
-}
-
module "stakeholder_schema" {
source = "./schemas/stakeholder"
providers = {
@@ -83,3 +76,20 @@ module "contracts_schema" {
postgresql = postgresql.treetracker
}
}
+
+module "keycloak_schema" {
+ source = "./schemas/keycloak"
+ providers = {
+ postgresql = postgresql.treetracker
+ }
+}
+
+module "extra" {
+ source = "./extra"
+ providers = {
+ postgresql = postgresql.treetracker
+ }
+ depends_on = [
+ module.wallet_schema
+ ]
+}
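Review bot: `module "extra"` lists only `module.wallet_schema` in `depends_on`, but the grants in `./extra` also target the `herbarium`, `stakeholder`, `treetracker` and `public` schemas and the `wallet_operator` role. If any of those are created by sibling modules in the same apply, the ordering is not guaranteed and the apply may hit the "role or object does not exist" error that the README now lists under Troubleshooting. Adding the modules that own those objects, for example `module.stakeholder_schema`, to the `depends_on` list would make the first apply deterministic. Where `wallet_operator` itself is created is not visible in this diff, so that dependency needs confirming too.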
diff --git a/database-grants/terraform/prod/prod.env.tfvars b/database-grants/terraform/prod/prod.env.tfvars
index fc6f324..daff614 100644
--- a/database-grants/terraform/prod/prod.env.tfvars
+++ b/database-grants/terraform/prod/prod.env.tfvars
@@ -1,2 +1,2 @@
-port = "1111"
-host = "localhost"
+port = "25060"
+host = "treetracker-cluster-do-user-8540031-0.b.db.ondigitalocean.com"
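Review bot: The production database hostname and port are now committed in `prod.env.tfvars`, replacing the `localhost`/`1111` placeholders. The endpoint is not a credential, but publishing it in the repository tells anyone with read access exactly where the production cluster listens, so access then rests entirely on the database's network allow-list and passwords. Consider keeping the placeholders here and supplying the real values from an untracked var file or from `TF_VAR_host` / `TF_VAR_port` in the operator's environment. If the values must stay, a comment noting which network restriction protects the endpoint would record the assumption.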
diff --git a/database-grants/terraform/prod/read-only-user.tf b/database-grants/terraform/prod/read-only-user.tf
index 4946ccf..7ee2e59 100644
--- a/database-grants/terraform/prod/read-only-user.tf
+++ b/database-grants/terraform/prod/read-only-user.tf
@@ -11,33 +11,6 @@ resource "postgresql_role" "readonlyuser_human" {
password = random_password.readonlyuser_password.result
}
-resource "postgresql_grant" "readonlyyuser_select_field" {
- provider = "postgresql.treetracker"
- database = "treetracker"
- role = "readonlyuser"
- schema = "field"
- object_type = "table"
- privileges = ["SELECT"]
-}
-
-resource "postgresql_grant" "readonlyyuser_usage_field" {
- provider = "postgresql.treetracker"
- database = "treetracker"
- role = "readonlyuser"
- schema = "field"
- object_type = "schema"
- privileges = ["USAGE"]
-}
-
-resource "postgresql_grant" "readonlyyuser_sequence_field" {
- provider = "postgresql.treetracker"
- database = "treetracker"
- role = "readonlyuser"
- schema = "field"
- object_type = "sequence"
- privileges = ["SELECT"]
-}
-
resource "postgresql_grant" "readonlyyuser_select_public" {
provider = "postgresql.treetracker"
database = "treetracker"
@@ -161,7 +134,7 @@ resource "postgresql_grant" "readonlyyuser_sequence_treetracker" {
role = "readonlyuser"
schema = "treetracker"
object_type = "sequence"
- privileges = ["SELECT"]
+ privileges = ["SELECT", "USAGE"]
}
resource "postgresql_grant" "readonlyyuser_usage_wallet" {
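Review bot: Adding `USAGE` to the sequence grants gives `readonlyuser` the right to call `nextval`, which advances the sequence, so the role is no longer strictly read-only. `SELECT` alone already allows reading a sequence's current state. The same change appears in the `wallet`, `webmap` and `earnings` sequence grants and in `postgresql_default_privileges.read_only_reporting_sequence` later in this file. If the addition works around a provider diff or a client that insists on `USAGE`, a comment such as `# USAGE needed because <reason>; note it permits nextval` above each line would make the trade-off explicit; otherwise `privileges = ["SELECT"]` keeps the role read-only. The resource block opens above this hunk.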
@@ -188,7 +161,7 @@ resource "postgresql_grant" "readonlyyuser_sequence_wallet" {
role = "readonlyuser"
schema = "wallet"
object_type = "sequence"
- privileges = ["SELECT"]
+ privileges = ["SELECT", "USAGE"]
}
resource "postgresql_grant" "readonlyyuser_usage_webmap" {
@@ -206,7 +179,7 @@ resource "postgresql_grant" "readonlyyuser_sequence_webmap" {
role = "readonlyuser"
schema = "webmap"
object_type = "sequence"
- privileges = ["SELECT"]
+ privileges = ["SELECT", "USAGE"]
}
resource "postgresql_grant" "readonlyyuser_usage_airflow" {
@@ -288,7 +261,7 @@ resource "postgresql_grant" "readonlyuser_sequence_earnings" {
role = "readonlyuser"
schema = "earnings"
object_type = "sequence"
- privileges = ["SELECT"]
+ privileges = ["SELECT", "USAGE"]
}
@@ -311,7 +284,7 @@ resource "postgresql_default_privileges" "read_only_reporting_sequence" {
owner = "doadmin"
object_type = "sequence"
- privileges = ["SELECT"]
+ privileges = ["SELECT", "USAGE"]
}
resource "postgresql_default_privileges" "read_only_reporting_tables" {
diff --git a/database-grants/terraform/prod/schemas/query/main.tf b/database-grants/terraform/prod/schemas/query/main.tf
deleted file mode 100644
index d636a82..0000000
--- a/database-grants/terraform/prod/schemas/query/main.tf
+++ /dev/null
@@ -1,88 +0,0 @@
-
-module "microservice_schema" {
- source = "./../../modules/microservice_schema"
- schema = "query"
-}
-
-resource "postgresql_grant" "query_messaging_schema" {
- database = "treetracker"
- role = "s_query"
- schema = "messaging"
- object_type = "schema"
- privileges = ["USAGE"]
-}
-
-resource "postgresql_grant" "query_messaging_tables" {
- database = "treetracker"
- role = "s_query"
- schema = "messaging"
- object_type = "table"
- privileges = ["SELECT"]
-}
-
-resource "postgresql_grant" "query_treetracker_schema" {
- database = "treetracker"
- role = "s_query"
- schema = "treetracker"
- object_type = "schema"
- privileges = ["USAGE"]
-}
-
-resource "postgresql_grant" "query_treetracker_tables" {
- database = "treetracker"
- role = "s_query"
- schema = "treetracker"
- object_type = "table"
- privileges = ["SELECT"]
-}
-
-resource "postgresql_grant" "query_stakeholder_schema" {
- database = "treetracker"
- role = "s_query"
- schema = "stakeholder"
- object_type = "schema"
- privileges = ["USAGE"]
-}
-
-resource "postgresql_grant" "query_stakeholder_tables" {
- database = "treetracker"
- role = "s_query"
- schema = "stakeholder"
- object_type = "table"
- privileges = ["SELECT"]
-}
-
-resource "postgresql_grant" "query_regions_schema" {
- database = "treetracker"
- role = "s_query"
- schema = "regions"
- object_type = "schema"
- privileges = ["USAGE"]
-}
-
-resource "postgresql_grant" "query_regions_tables" {
- database = "treetracker"
- role = "s_query"
- schema = "regions"
- object_type = "table"
- privileges = ["SELECT"]
-}
-
-resource "postgresql_grant" "query_public_schema" {
- database = "treetracker"
- role = "s_query"
- schema = "public"
- object_type = "schema"
- privileges = ["USAGE"]
-}
-
-resource "postgresql_grant" "query_public_function" {
- database = "treetracker"
- role = "s_query"
- schema = "public"
- object_type = "function"
- privileges = ["EXECUTE"]
-}
-
-
-
diff --git a/database-grants/terraform/prod/schemas/wallet/main.tf b/database-grants/terraform/prod/schemas/wallet/main.tf
index b2a0855..30dcb6c 100644
--- a/database-grants/terraform/prod/schemas/wallet/main.tf
+++ b/database-grants/terraform/prod/schemas/wallet/main.tf
@@ -3,5 +3,3 @@ module "microservice_schema" {
source = "./../../modules/microservice_schema"
schema = "wallet"
}
-
-
diff --git a/keycloak/README.md b/keycloak/README.md
new file mode 100644
index 0000000..4705d51
--- /dev/null
+++ b/keycloak/README.md
@@ -0,0 +1,30 @@
+# The script to deploy Keycloak on Greenstand Kubernetes cluster
+
+## Prerequisites
+
+- Node.js
+- kubectl ?
+
+### To install prerequisites
+
+```bash
+# install ansible
+pip3 install ansible
+
+# install k8s plugin
+ansible-galaxy collection install community.kubernetes
+```
+
+## Usage
+
+```bash
+chmod +x deploy.sh
+./deploy.sh
+```
+
+
+# Troubleshooting
+
+## Error: "changesets check sum: Validation Failed"
+
+This is because of the table: `databasechangelog` in the database, can be solved by cleaning up the whole schema tables.;
diff --git a/keycloak/deploy.sh b/keycloak/deploy.sh
new file mode 100755
index 0000000..32e8cdf
--- /dev/null
+++ b/keycloak/deploy.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+# This script is used to deploy the keycloak to Greenstand k8s cluster
+
+# Prompt user to choose the environment
+echo "Please choose the environment to deploy the keycloak"
+echo "1. dev"
+echo "2. test"
+echo "3. prod"
+read -p "Enter your choice: " choice
+deploy_env=$(node -e 'console.log(["dev", "test", "prod"][process.argv[1] - 1])' $choice)
+echo "The environment to deploy is: $(echo ${deploy_env})"
+#TODO
+read -p "Enter any key to continue: " key
+
+# check the k8s cluster
+echo "Checking the k8s cluster"
+current_k8s_cluster=$(kubectl config current-context)
+echo "The current k8s cluster is: ${current_k8s_cluster}"
+#TODO here we use the name in config/context, it might be problematic
+# maybe a cluster configmap is good to have: https://stackoverflow.com/questions/38242062/how-to-get-kubernetes-cluster-name-from-k8s-api
+is_cluster_ok=$(node ./lib/js/checkK8sClusterNameByEnv.js ${deploy_env} ${current_k8s_cluster})
+if [ "$is_cluster_ok" != "true" ]; then
+ echo "The current k8s cluster is wrong, please switch to the correct cluster"
+ exit 1
+fi
+
+ansible-playbook lib/playbook.yml --extra-vars "deploy_env=${deploy_env}"
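Review bot: `$choice` is passed to `node` unquoted and never validated, so an empty or out-of-range answer yields the string `undefined` as `deploy_env` and the script carries on to the confirmation prompt; it is only stopped later because the cluster check happens to print `false`. Mapping the choice with a `case` statement rejects bad input at the prompt and removes the Node call for this step. The later expansions `${deploy_env}` and `${current_k8s_cluster}` in the `node ./lib/js/checkK8sClusterNameByEnv.js` call should be quoted as well, and `set -euo pipefail` at the top would stop the run if `kubectl` fails.

```shell
read -r -p "Enter your choice: " choice
case "$choice" in
  1) deploy_env=dev ;;
  2) deploy_env=test ;;
  3) deploy_env=prod ;;
  *) echo "Invalid choice: ${choice}" >&2; exit 1 ;;
esac
echo "The environment to deploy is: ${deploy_env}"
# … unchanged: confirmation prompt and kubectl current-context lookup …
is_cluster_ok=$(node ./lib/js/checkK8sClusterNameByEnv.js "${deploy_env}" "${current_k8s_cluster}")
```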
diff --git a/keycloak/lib/docker/Dockerfile b/keycloak/lib/docker/Dockerfile
new file mode 100644
index 0000000..ac25522
--- /dev/null
+++ b/keycloak/lib/docker/Dockerfile
@@ -0,0 +1,23 @@
+#
+#RUN /opt/keycloak/bin/kc.sh build
+#
+#FROM quay.io/keycloak/keycloak:22.0.4
+#ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
+
+FROM quay.io/keycloak/keycloak:22.0.4 as builder
+ENV KC_HEALTH_ENABLED=true
+ENV KC_METRICS_ENABLED=true
+
+# Configure a database vendor
+ENV KC_DB=postgres
+
+WORKDIR /opt/keycloak
+
+# Copy the theme
+COPY ./themes/treetracker /opt/keycloak/themes/treetracker
+#RUN /opt/keycloak/bin/kc.sh build
+
+FROM quay.io/keycloak/keycloak:latest
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start-dev"]
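Review bot: The final stage uses `quay.io/keycloak/keycloak:latest` while the builder is pinned to `22.0.4`, so the `/opt/keycloak/` tree copied from the builder can land on a different, unreviewed base each time the image is rebuilt. The entrypoint also runs `start-dev`, Keycloak's development mode, yet the kustomize overlays in this commit include a production target. Pinning the runtime stage to the same tag, `FROM quay.io/keycloak/keycloak:22.0.4`, re-enabling `RUN /opt/keycloak/bin/kc.sh build` in the builder, and switching to `ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--optimized"]` would give a reproducible image running in production mode. Production mode expects hostname configuration, so the deployment manifest would likely need a matching setting.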
diff --git a/keycloak/lib/docker/themes/treetracker/login/resources/css/treetracker.css b/keycloak/lib/docker/themes/treetracker/login/resources/css/treetracker.css
new file mode 100644
index 0000000..9647e60
--- /dev/null
+++ b/keycloak/lib/docker/themes/treetracker/login/resources/css/treetracker.css
@@ -0,0 +1,35 @@
+.login-pf body {
+ /*background: url(https://treetracker-production-images.s3.eu-central-1.amazonaws.com/2023.09.23.14.04.00_0.45559833333333327_109.32892366666664_5e5b8f08-2f3f-46f7-adbe-967030e48266_IMG_20230829_091903_642222451085378253.jpg) no-repeat center center fixed;*/
+ /*background: url(https://treetracker-production-images.s3.eu-central-1.amazonaws.com/2023.04.21.03.36.20_8.485640049999999_-13.254117873333334_27928e01-6f29-4ac0-bee2-df494f3a1363_IMG_20230412_170116_1704432758494134189.jpg) no-repeat left 35%;*/
+ background: url(https://treetracker-production-images.s3.eu-central-1.amazonaws.com/2023.08.22.16.08.58_0.5209260000000022_109.31300000000013_12dad55b-8dac-4224-93ba-de8631460ac7_IMG_20230822_151206_4872363611904227603.jpg) no-repeat left 35%;
+ background-size: cover;
+}
+div.kc-logo-text {
+ /*background-image: url(https://map.treetracker.org/images/treetracker_logo.svg);*/
+ background-image: url(https://map.treetracker.org/images/treetracker_logo_white.svg);
+}
+:root {
+ --pf-global--primary-color--100: #86C232;
+ --pf-global--primary-color--200: #a6dc5a;
+ --pf-global--primary-color--dark-100: #86C232;
+ --pf-global--primary-color--light-100: #a6dc5a;
+ --pf-global--active-color--100: #68a119;
+ --pf-global--active-color--200: #b9ef6d;
+ --pf-global--active-color--300: #89e00f;
+ --pf-global--active-color--400: #80aa44;
+ --pf-global--link--Color: #61901f;
+ --pf-global--link--Color--hover: #547722;
+ --pf-global--link--Color--light: #b4ef62;
+ --pf-global--link--Color--light--hover: #b7e973;
+ --pf-global--link--Color--dark: #679822;
+ --pf-global--link--Color--dark--hover: #5e9413;
+ --pf-global--default-color--100: #86C232;
+ --pf-global--default-color--200: #a6dc5a;
+ --pf-global--default-color--300: #86C232;
+}
+@media (max-width: 767px) {
+ .login-pf-page .card-pf {
+ margin-left: 20px;
+ margin-right: 20px;
+ }
+}
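Review bot: The login page background and logo are fetched from an S3 bucket and from `map.treetracker.org` at render time, so the appearance of the identity provider's login screen depends on hosts outside the Keycloak image. Copying both files into the theme's `resources/img/` directory and referencing them with relative paths such as `url(../img/treetracker_logo_white.svg)` would keep the login page self-contained and let a strict content security policy stay in place. The two commented-out `background` alternatives could be dropped at the same time.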
diff --git a/keycloak/lib/docker/themes/treetracker/login/resources/js/treetracker.js b/keycloak/lib/docker/themes/treetracker/login/resources/js/treetracker.js
new file mode 100644
index 0000000..b25b3e5
--- /dev/null
+++ b/keycloak/lib/docker/themes/treetracker/login/resources/js/treetracker.js
@@ -0,0 +1,18 @@
+// javascript to append a new div to body
+var newDiv = document.createElement("div");
+newDiv.innerHTML = `
+
+`;
+
+// Append new div to body when the DOM is loaded
+document.addEventListener("DOMContentLoaded", function(event) {
+ document.body.appendChild(newDiv);
+});
diff --git a/keycloak/lib/docker/themes/treetracker/login/theme.properties b/keycloak/lib/docker/themes/treetracker/login/theme.properties
new file mode 100644
index 0000000..ee8200a
--- /dev/null
+++ b/keycloak/lib/docker/themes/treetracker/login/theme.properties
@@ -0,0 +1,5 @@
+parent=keycloak
+import=common/keycloak
+styles=web_modules/@fontawesome/fontawesome-free/css/icons/all.css web_modules/@patternfly/react-core/dist/styles/base.css web_modules/@patternfly/react-core/dist/styles/app.css node_modules/patternfly/dist/css/patternfly.min.css node_modules/patternfly/dist/css/patternfly-additions.min.css css/login.css css/treetracker.css
+scripts=js/treetracker.js
+
diff --git a/keycloak/lib/js/checkK8sClusterNameByEnv.js b/keycloak/lib/js/checkK8sClusterNameByEnv.js
new file mode 100644
index 0000000..3b747d8
--- /dev/null
+++ b/keycloak/lib/js/checkK8sClusterNameByEnv.js
@@ -0,0 +1,17 @@
+// usage: node checkK8sClusterNameByEnv.js
+// output: true|false
+const env = process.argv[2];
+const clusterName = process.argv[3];
+
+// name array, can add more if needed, in case setting up the config varies.
+const clusterNames = {
+ dev: ['do-sfo2-dev-k8s-treetracker'],
+ test: ['do-sfo2-test-k8s-treetracker'],
+ prod: ['do-nyc1-prod-k8s-treetracker'],
+};
+
+if (clusterNames[env]?.includes(clusterName)) {
+ console.log('true');
+}else {
+ console.log('false');
+}
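Review bot: The usage comment omits the two arguments the script reads from `process.argv`; `// usage: node checkK8sClusterNameByEnv.js <env> <current-kubectl-context>` would match the code. The lookup `clusterNames[env]` also reaches inherited properties for inputs such as `constructor`, which throws instead of printing `false`; `Object.hasOwn(clusterNames, env) && clusterNames[env].includes(clusterName)` keeps the output to the documented `true|false`. The comparison is against the kubeconfig context name, which is a local label rather than a cluster identity, so this guards against mistakes only.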
diff --git a/keycloak/lib/kubernetes/base/deployment-raw-client.yaml b/keycloak/lib/kubernetes/base/deployment-raw-client.yaml
new file mode 100644
index 0000000..776551d
--- /dev/null
+++ b/keycloak/lib/kubernetes/base/deployment-raw-client.yaml
@@ -0,0 +1,288 @@
+# deployment a test client for keycloak
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: treetracker-keycloak-raw-client
+ namespace: keycloak-next
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: treetracker-keycloak-raw-client
+ template:
+ metadata:
+ labels:
+ app: treetracker-keycloak-raw-client
+ spec:
+ containers:
+ - name: treetracker-keycloak
+ image: node
+ command:
+ - "sh"
+ - "-c"
+ - |
+ cd /
+ mkdir raw-client
+ cd raw-client
+ cat < index.html
+
+
+
+
+
+ Treetracker Raw Client!!
+
+
+
+
+
+
+
+
+
+
+
+ Treetracker Raw Client
+
+
+
+
+
Welcome:
+
User Info
+
+
+ username: |
+ |
+
+
+ email: |
+ |
+
+
+ roles: |
+
+
+ |
+
+
+ user id: |
+
+ |
+
+
+
+
+
+
+
+ EOF
+ sed -i "s/dev-k8s.treetracker.org/${RAW_CLIENT_URL}/g" index.html
+ npx --yes serve -l 8080 .
+ env:
+ - name: RAW_CLIENT_URL
+ value: dev-k8s.treetracker.org
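Review bot: The container uses the untagged `image: node` and runs `npx --yes serve -l 8080 .`, so every pod start pulls whatever `node` image and `serve` package are current and executes them without review. Pinning both, for example `image: node:<pinned-tag>` and `npx --yes serve@<pinned-version> -l 8080 .`, or baking the static page into a small image, makes the workload reproducible. The pod spec also sets no `resources` or `securityContext`, which is worth adding before this runs beside the identity provider.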
diff --git a/keycloak/lib/kubernetes/base/deployment.yaml b/keycloak/lib/kubernetes/base/deployment.yaml
new file mode 100644
index 0000000..d5d04ea
--- /dev/null
+++ b/keycloak/lib/kubernetes/base/deployment.yaml
@@ -0,0 +1,59 @@
+# deployment for keycloak
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: treetracker-keycloak
+ namespace: keycloak-next
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: treetracker-keycloak
+ template:
+ metadata:
+ labels:
+ app: treetracker-keycloak
+ spec:
+ containers:
+ - name: treetracker-keycloak
+ image: dadiorchen/keycloak:1.5
+ env:
+ - name: KC_LOG_LEVEL
+ value: INFO
+ - name: KC_DB
+ value: postgres
+ - name: KC_DB_SCHEMA
+ value: keycloak
+ - name: KC_DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-secret
+ key: username
+ - name: KC_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-secret
+ key: password
+ - name: KC_DB_URL_HOST
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-secret
+ key: host
+ - name: KC_DB_URL_PORT
+ value: "25060"
+ - name: KC_DB_URL_DATABASE
+ value: treetracker
+ - name: KEYCLOAK_ADMIN
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-secret
+ key: admin_username
+ - name: KEYCLOAK_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-secret
+ key: admin_password
+ - name: KC_HTTP_RELATIVE_PATH
+ value: "/keycloak"
+ - name: KC_PROXY
+ value: "edge"
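Review bot: `image: dadiorchen/keycloak:1.5` pulls the identity provider from what looks like a personal registry namespace by mutable tag, so the content behind `1.5` can change without any change to this manifest. Publishing the image under an organisation-controlled repository and referencing it by digest, `image: <registry>/<org>/keycloak@sha256:<digest>`, ties the deployment to a reviewed build. The container also declares no `readinessProbe` or `livenessProbe` although the Dockerfile in this commit sets `KC_HEALTH_ENABLED=true`, and it sets no `resources` limits.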
diff --git a/keycloak/lib/kubernetes/base/kustomization.yaml b/keycloak/lib/kubernetes/base/kustomization.yaml
new file mode 100644
index 0000000..1f09592
--- /dev/null
+++ b/keycloak/lib/kubernetes/base/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- deployment.yaml
+- deployment-raw-client.yaml
+- mapping.yaml
+- mapping-raw-client.yaml
+- service.yaml
+- service-raw-client.yaml
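Review bot: `deployment-raw-client.yaml`, `mapping-raw-client.yaml` and `service-raw-client.yaml` are listed in the base, so every overlay, including `overlays/production`, deploys the test client and routes `/raw-client/` to it. If the raw client is only a debugging aid, moving these three resources into the development and test overlays keeps it off the production ingress. The production overlay in this commit patches `RAW_CLIENT_URL`, so the exposure may be intended; a comment here saying so would settle it.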
diff --git a/keycloak/lib/kubernetes/base/mapping-raw-client.yaml b/keycloak/lib/kubernetes/base/mapping-raw-client.yaml
new file mode 100644
index 0000000..918f95d
--- /dev/null
+++ b/keycloak/lib/kubernetes/base/mapping-raw-client.yaml
@@ -0,0 +1,11 @@
+apiVersion: getambassador.io/v2
+kind: Mapping
+metadata:
+ name: treetracker-keycloak-raw-client-mapping
+ namespace: keycloak-next
+spec:
+ # mapping to the service on port 8080
+ prefix: /raw-client/
+ service: keycloak-raw-client-service:8080
+ rewrite: /
+ timeout_ms: 0
diff --git a/keycloak/lib/kubernetes/base/mapping.yaml b/keycloak/lib/kubernetes/base/mapping.yaml
new file mode 100644
index 0000000..fa9e0ec
--- /dev/null
+++ b/keycloak/lib/kubernetes/base/mapping.yaml
@@ -0,0 +1,14 @@
+apiVersion: getambassador.io/v2
+kind: Mapping
+metadata:
+ name: treetracker-keycloak-mapping
+ namespace: keycloak-next
+spec:
+ # mapping to the service on port 8080
+ prefix: /keycloak/
+ service: keycloak-service:8080
+ rewrite: /keycloak/
+ timeout_ms: 0
+ # cors:
+ # origins:
+ # - "*"
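Review bot: `prefix: /keycloak/` forwards every path under the relative path to the service, which would include the admin console and admin REST endpoints on the same public route as the login pages. Consider adding a more specific Mapping for the admin paths that is restricted to trusted networks, or leaving them unrouted at the edge. If the commented-out `cors` block is ever enabled, `origins` should list the real client origins rather than `"*"`.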
diff --git a/keycloak/lib/kubernetes/base/service-raw-client.yaml b/keycloak/lib/kubernetes/base/service-raw-client.yaml
new file mode 100644
index 0000000..cfd009e
--- /dev/null
+++ b/keycloak/lib/kubernetes/base/service-raw-client.yaml
@@ -0,0 +1,13 @@
+# service for keycloak
+apiVersion: v1
+kind: Service
+metadata:
+ name: keycloak-raw-client-service
+ namespace: keycloak-next
+spec:
+ selector:
+ app: treetracker-keycloak-raw-client
+ ports:
+ - protocol: TCP
+ port: 8080
+ targetPort: 8080
diff --git a/keycloak/lib/kubernetes/base/service.yaml b/keycloak/lib/kubernetes/base/service.yaml
new file mode 100644
index 0000000..ad18a2a
--- /dev/null
+++ b/keycloak/lib/kubernetes/base/service.yaml
@@ -0,0 +1,13 @@
+# service for keycloak
+apiVersion: v1
+kind: Service
+metadata:
+ name: keycloak-service
+ namespace: keycloak-next
+spec:
+ selector:
+ app: treetracker-keycloak
+ ports:
+ - protocol: TCP
+ port: 8080
+ targetPort: 8080
diff --git a/keycloak/lib/kubernetes/overlays/development/kustomization.yaml b/keycloak/lib/kubernetes/overlays/development/kustomization.yaml
new file mode 100644
index 0000000..a4bd22b
--- /dev/null
+++ b/keycloak/lib/kubernetes/overlays/development/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+ - ../../base
+resources:
+ - sealed-secret.yaml
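Review bot: `bases` is deprecated in current kustomize releases in favour of listing the directory under `resources`, e.g. `resources: [../../base, sealed-secret.yaml]`. The production and test overlays use `bases` as well and additionally `patchesStrategicMerge`, which has been superseded by `patches`. Updating all three together avoids deprecation warnings when the Ansible kustomize lookup renders them.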
diff --git a/keycloak/lib/kubernetes/overlays/development/sealed-secret.yaml b/keycloak/lib/kubernetes/overlays/development/sealed-secret.yaml
new file mode 100644
index 0000000..02ea587
--- /dev/null
+++ b/keycloak/lib/kubernetes/overlays/development/sealed-secret.yaml
@@ -0,0 +1,18 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: keycloak-secret
+ namespace: keycloak-next
+spec:
+ encryptedData:
+ username: 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
+ password: AgBx2wD4kkgbkM//YkzldbXO9AucDCtehzle55NgDZXrFVY/eEeO9poirLZou3JqKbnDG7JyW0SuCNdJqeEc+EJEfQkB2MpTRAkBplPqaorP1DJnJbri/OOQKszLp6RUrwZJq6KvmQJmMI1Kxmt9PjSd2fllStkMIiLmBgVfhEyTt0KKl7sURPDKJz5midQQBYtqIFLoQwSac9XMLErm3/Sn836R4U8xrJjHuYAl5Wcr4OrVZ2Wxie27CUEpskLHU8efXoS556roX2itUBms0Ml6tEjJRKi7dJ9qSPeKWcYFcHVMHj8eC9sDRN204H9bAmPfc7P+jO9VVtt63mOhSYcs1R7bj4ohVCWKlxxKi5vZArnxv1c8MJoBKld7Yd4iBG/OQxiInLt4DTIntiEvIredv9O/SY3cLEKlauwpq9bzQgkl4FrRQ+SXidyJsQk1c16oG8zTib1M7UYcT1u1gH2zWtVrZHzO3zzpvopuh7d45XXf0aAp69+uD+15YhMkEi+i9Owt0n9SdWh4dvxRE8vT/9FaWLLmbMRVt7is6nKDjX3+EOFIR8efB0LFpgEvGwPqkPG6JanUnnFdvX4HDnob4Jp6DJSt8nME2AtKELWJ2jyqd4WkwhEGSi9/dLlHdJiFd8m4pKxECfNytzX81lMBVEiVnZN1xC912pH7Qv19R6jxc1trPZCx5LPaTJQMZxlhc5l+AAP2/gmoqMf+L2000qAaqyCXVY8=
+ host: 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
+ admin_username: 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
+ admin_password: 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
+ template:
+ metadata:
+ creationTimestamp: null
+ name: keycloak-secret
+ namespace: keycloak-next
diff --git a/keycloak/lib/kubernetes/overlays/production/deployment-raw-client.yaml b/keycloak/lib/kubernetes/overlays/production/deployment-raw-client.yaml
new file mode 100644
index 0000000..c19b2ed
--- /dev/null
+++ b/keycloak/lib/kubernetes/overlays/production/deployment-raw-client.yaml
@@ -0,0 +1,14 @@
+# deployment a test client for keycloak
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: treetracker-keycloak-raw-client
+ namespace: keycloak-next
+spec:
+ template:
+ spec:
+ containers:
+ - name: treetracker-keycloak
+ env:
+ - name: RAW_CLIENT_URL
+ value: prod-k8s.treetracker.org
diff --git a/keycloak/lib/kubernetes/overlays/production/kustomization.yaml b/keycloak/lib/kubernetes/overlays/production/kustomization.yaml
new file mode 100644
index 0000000..767c247
--- /dev/null
+++ b/keycloak/lib/kubernetes/overlays/production/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+ - ../../base
+resources:
+ - sealed-secret.yaml
+#patch
+patchesStrategicMerge:
+ - deployment-raw-client.yaml
diff --git a/keycloak/lib/kubernetes/overlays/production/sealed-secret.yaml b/keycloak/lib/kubernetes/overlays/production/sealed-secret.yaml
new file mode 100644
index 0000000..13a0a2d
--- /dev/null
+++ b/keycloak/lib/kubernetes/overlays/production/sealed-secret.yaml
@@ -0,0 +1,18 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: keycloak-secret
+ namespace: keycloak-next
+spec:
+ encryptedData:
+ username: 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
+ password: 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
+ host: 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
+ admin_username: 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
+ admin_password: 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
+ template:
+ metadata:
+ creationTimestamp: null
+ name: keycloak-secret
+ namespace: keycloak-next
diff --git a/keycloak/lib/kubernetes/overlays/test/deployment-raw-client.yaml b/keycloak/lib/kubernetes/overlays/test/deployment-raw-client.yaml
new file mode 100644
index 0000000..9a68904
--- /dev/null
+++ b/keycloak/lib/kubernetes/overlays/test/deployment-raw-client.yaml
@@ -0,0 +1,14 @@
+# deployment a test client for keycloak
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: treetracker-keycloak-raw-client
+ namespace: keycloak-next
+spec:
+ template:
+ spec:
+ containers:
+ - name: treetracker-keycloak
+ env:
+ - name: RAW_CLIENT_URL
+ value: test-k8s.treetracker.org
diff --git a/keycloak/lib/kubernetes/overlays/test/kustomization.yaml b/keycloak/lib/kubernetes/overlays/test/kustomization.yaml
new file mode 100644
index 0000000..767c247
--- /dev/null
+++ b/keycloak/lib/kubernetes/overlays/test/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+ - ../../base
+resources:
+ - sealed-secret.yaml
+#patch
+patchesStrategicMerge:
+ - deployment-raw-client.yaml
diff --git a/keycloak/lib/kubernetes/overlays/test/sealed-secret.yaml b/keycloak/lib/kubernetes/overlays/test/sealed-secret.yaml
new file mode 100644
index 0000000..4c68e94
--- /dev/null
+++ b/keycloak/lib/kubernetes/overlays/test/sealed-secret.yaml
@@ -0,0 +1,18 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: keycloak-secret
+ namespace: keycloak-next
+spec:
+ encryptedData:
+ username: AgAhvWlG7Nkxo62zbg10iL2c+1fYl9Iv/i2mX5Yg+7S70ctABrLmjPSusYAnHe0TZ/lUE3noZ/ERnJVDbAhWebX1fkALTuKtceo0vjzDs+y6r2yVwRMdXBphcKbMCZORrjDqDD0q/Y284FXYJc2wh879rFzdwfePdMNtu4jXbgTdaBeBiVStMS+0UBtfjbbPo/1jIZ3MgHQjdPZRNkmt2wgQDm15C4xoyAM4kIqiNKdQCXlLqFy3/WENJ1WHBbMZ1PVw3+fsfPvsc1tuilbcz4QyUZtXE5z6HNiwQGhK/wL9wlVaB9vAH0kJqM75Ymx+jyh1RIJX4cnaPZj1KF+ypKyVj5gxjBzE4CGWluil0V9J/9Qt+R3KPhcpkjXjDY0t0nzjJs3P+IjcorACujfJ3PPStrm7EC44ZhZjHbdQqNKY53PKrCVzjv4F4CttbywottGDVnljzIOxqdJCa5jzWCFgywyTQrBk772pkEWIkphLFrwSSyCpSZSgWqXCf7uTfLZL+H755+BHarjluZoutJhUOv69iHLVgRSycWi82xuniDwIwxjE9QVcIHkEXDEHF+in1a13fREOJs33kxD9Q+FP16xLFvtZJsb77sHNc14rH//wRmMn4WAVC7IvRH8iuUzL9gVNqMOExNe6v0h/P9h/ZZAZgorTXLNgA3hclb18Hv+c50D6DQFKhheE7LhdhLyXTDg5PhF84uN+
+ password: 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
+ host: 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
+ admin_username: 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
+ admin_password: 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
+ template:
+ metadata:
+ creationTimestamp: null
+ name: keycloak-secret
+ namespace: keycloak-next
diff --git a/keycloak/lib/playbook.yml b/keycloak/lib/playbook.yml
new file mode 100644
index 0000000..51ebb30
--- /dev/null
+++ b/keycloak/lib/playbook.yml
@@ -0,0 +1,40 @@
+# ansible playbook for install keycloak
+---
+- hosts: localhost
+ vars:
+ envs:
+ dev:
+ kustomize_dir_name: development
+ test:
+ kustomize_dir_name: test
+ prod:
+ kustomize_dir_name: production
+ tasks:
+ - name: install pre-requisites
+ pip:
+ name:
+ - openshift
+ - pyyaml
+ - kubernetes
+ - name: Print environment variables
+ debug:
+ # print var deploy_env
+ msg: "Deploy to: {{ deploy_env }}"
+ - name: Set fact for kustomize dir by deploy_env from dictionary
+ set_fact:
+ kustomize_dir: "./lib/kubernetes/overlays/{{ envs[deploy_env].kustomize_dir_name }}"
+ - name: Print kustomize dir
+ debug:
+ msg: "kustomization dir: {{ kustomize_dir }}"
+ - name: Create a namespace for keycloak
+ community.kubernetes.k8s:
+ name: keycloak-next
+ api_version: v1
+ kind: Namespace
+ state: present
+ - name: Deploy keycloak instance
+ community.kubernetes.k8s:
+ state: present
+ namespace: keycloak-next
+ definition: "{{ lookup('kubernetes.core.kustomize', dir=kustomize_dir) }}"
+
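Review bot: The two deployment tasks call `community.kubernetes.k8s` while the lookup uses `kubernetes.core.kustomize`, and the README added in this commit installs only `community.kubernetes`; using `kubernetes.core.k8s` throughout and installing `kubernetes.core` keeps the dependency explicit. The `pip` task installs `openshift`, `pyyaml` and `kubernetes` unpinned into the operator's Python on every run, so version pins or a requirements file would make deployments repeatable. `envs[deploy_env]` fails with an opaque template error when `deploy_env` is missing or misspelled; an `ansible.builtin.assert` task with `that: deploy_env in envs` ahead of `set_fact` would fail early with a clear message.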
diff --git a/keycloak/test-website/index.html b/keycloak/test-website/index.html
new file mode 100644
index 0000000..0bf4e03
--- /dev/null
+++ b/keycloak/test-website/index.html
@@ -0,0 +1,243 @@
+
+
+
+
+
+ Treetracker Raw Client
+
+
+
+
+
+
+
+
+
+ Treetracker Raw Client
+
+
+
+
+
+
+
diff --git a/sealed-secrets/keycloak-secret-sealed-secret.yaml b/sealed-secrets/keycloak-secret-sealed-secret.yaml
new file mode 100644
index 0000000..538a8ad
--- /dev/null
+++ b/sealed-secrets/keycloak-secret-sealed-secret.yaml
@@ -0,0 +1,15 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: keycloak-secret
+ namespace: keycloak-next
+spec:
+ encryptedData:
+ admin_password: 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
+ template:
+ metadata:
+ creationTimestamp: null
+ name: keycloak-secret
+ namespace: keycloak-next
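Review bot: This SealedSecret has the same `name: keycloak-secret` and `namespace: keycloak-next` as the ones in the kustomize overlays but seals only `admin_password`. If both are applied to one cluster, whichever is reconciled last determines the Secret's keys, and the deployment's `secretKeyRef` entries for `username`, `password`, `host` and `admin_username` would fail to resolve when this one wins. Removing this file, or giving it a distinct name, avoids the collision; whether anything applies the `sealed-secrets/` directory is not visible in this diff.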
+