From 1f45d7c695d34456f6b7a71ec73561e5b0eb09d4 Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Thu, 2 Nov 2023 02:19:11 +0000 Subject: [PATCH 01/25] feat: can add keycloak namespace --- keycloak/README.md | 23 +++++++++++++++ keycloak/deploy.sh | 32 +++++++++++++++++++++ keycloak/lib/js/checkK8sClusterNameByEnv.js | 17 +++++++++++ keycloak/lib/js/getK8sClusterNameByEnv.js | 4 +++ keycloak/lib/playbook.yml | 24 ++++++++++++++++ 5 files changed, 100 insertions(+) create mode 100644 keycloak/README.md create mode 100755 keycloak/deploy.sh create mode 100644 keycloak/lib/js/checkK8sClusterNameByEnv.js create mode 100644 keycloak/lib/js/getK8sClusterNameByEnv.js create mode 100644 keycloak/lib/playbook.yml diff --git a/keycloak/README.md b/keycloak/README.md new file mode 100644 index 0000000..481c2f9 --- /dev/null +++ b/keycloak/README.md @@ -0,0 +1,23 @@ +# The script to deploy Keycloak on Greenstand Kubernetes cluster + +## Prerequisites + +- Node.js +- kubeclt ? + +### To install prerequisites + +```bash +# install ansible +pip3 install ansible + +# install k8s plugin +ansible-galaxy collection install community.kubernetes +``` + +## Usage + +```bash +chmod +x deploy.sh +./deploy.sh +``` diff --git a/keycloak/deploy.sh b/keycloak/deploy.sh new file mode 100755 index 0000000..01afdd5 --- /dev/null +++ b/keycloak/deploy.sh 
@@ -0,0 +1,32 @@
+#!/bin/bash
+# This script is used to deploy the keycloak to Greenstand k8s cluster
+
+# Prompt user to choose the environment
+echo "Please choose the environment to deploy the keycloak"
+echo "1. dev"
+echo "2. staging"
+echo "3. prod"
+#TODO
+#read -p "Enter your choice: " choice
+#deploy_env=$(node -e 'console.log(["dev", "staging", "prod"][process.argv[1] - 1])' $choice)
+choice=1
+deploy_env='dev'
+echo "The environment to deploy is: $(echo ${deploy_env})"
+#TODO
+#read -p "Enter any key to continue: " key
+
+# check the k8s cluster
+echo "Checking the k8s cluster"
+current_k8s_cluster=$(kubectl config current-context)
+echo "The current k8s cluster is: ${current_k8s_cluster}"
+#TODO here we use the name in config/context, it might be problematic
+# maybe a cluster configmap is good to have: https://stackoverflow.com/questions/38242062/how-to-get-kubernetes-cluster-name-from-k8s-api
+is_cluster_ok=$(node ./lib/js/checkK8sClusterNameByEnv.js ${deploy_env} ${current_k8s_cluster})
+if [ "$is_cluster_ok" != "true" ]; then
+ echo "The current k8s cluster is wrong, please switch to the correct cluster"
+ exit 1
+fi
+
+ansible-playbook lib/playbook.yml --extra-vars "deploy_env=${deploy_env}"
+
+
diff --git a/keycloak/lib/js/checkK8sClusterNameByEnv.js b/keycloak/lib/js/checkK8sClusterNameByEnv.js
new file mode 100644
index 0000000..976ffb5
--- /dev/null
+++ b/keycloak/lib/js/checkK8sClusterNameByEnv.js
@@ -0,0 +1,17 @@
+// usage: node checkK8sClusterNameByEnv.js
+// output: true|false
+const env = process.argv[2];
+const clusterName = process.argv[3];
+
+// name array, can add more if needed, in case setting up the config varies.
+const clusterNames = {
+ dev: ['do-sfo2-dev-k8s-treetracker'],
+ test: ['do-sfo2-test-k8s-treetracker'],
+ prod: ['do-sfo2-prod-k8s-treetracker'],
+};
+
+if (clusterNames[env].includes(clusterName)) {
+ console.log('true');
+}else {
+ console.log('false');
+}
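Review bot: The menu offers `staging` but the lookup table in checkK8sClusterNameByEnv.js (same commit) only knows `dev`, `test` and `prod`, so once the commented-out `read` is enabled a `staging` choice makes the node call throw, `is_cluster_ok` comes back empty, and the script exits with the misleading "wrong cluster" message; the two lists need one shared vocabulary (the same mismatch reappears in the `envs` dictionary added to playbook.yml in patch 14). The script also resolves `./lib/js/...` and `lib/playbook.yml` against the caller's working directory rather than its own, so `cd "$(dirname "$0")"` near the top would make `./deploy.sh` work from anywhere. Adding `set -euo pipefail` would stop a failed `kubectl config current-context` from being treated as an empty cluster name and silently compared.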
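Review bot: `clusterNames[env].includes(clusterName)` on the last lines throws a TypeError for any env missing from the table (and for inherited keys such as `constructor`), leaving the caller with empty stdout instead of the documented `true|false`. Guard the lookup so the contract holds, `const ok = Object.hasOwn(clusterNames, env) && clusterNames[env].includes(clusterName);` then `console.log(ok ? 'true' : 'false');`, and consider `process.exit(2)` for an unknown env so deploy.sh can distinguish "unknown environment" from "wrong cluster".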
diff --git a/keycloak/lib/js/getK8sClusterNameByEnv.js b/keycloak/lib/js/getK8sClusterNameByEnv.js new file mode 100644 index 0000000..799fb13 --- /dev/null +++ b/keycloak/lib/js/getK8sClusterNameByEnv.js @@ -0,0 +1,4 @@ +// usage: node getK8sClusterNameByEnv.js +const names = { + dev: 'dev', + diff --git a/keycloak/lib/playbook.yml b/keycloak/lib/playbook.yml new file mode 100644 index 0000000..115c387 --- /dev/null +++ b/keycloak/lib/playbook.yml @@ -0,0 +1,24 @@ +# ansible playbook for install keycloak +--- +- hosts: localhost + vars: + #TODO + deploy_dev: "dev" + tasks: + - name: install pre-requisites + pip: + name: + - openshift + - pyyaml + - kubernetes + - name: Print environment variables + debug: + # print var deploy_dev + msg: "Deploy to: {{ deploy_dev }}" + - name: Create a namespace for keycloak + community.kubernetes.k8s: + name: keycloak-next + api_version: v1 + kind: Namespace + state: present + From 2a8af10a72c5d01e23a70f07922c443f0ae53365 Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Thu, 2 Nov 2023 06:15:51 +0000 Subject: [PATCH 02/25] chore: can install operator --- keycloak/lib/playbook.yml | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/keycloak/lib/playbook.yml b/keycloak/lib/playbook.yml index 115c387..1c9c2c5 100644 --- a/keycloak/lib/playbook.yml +++ b/keycloak/lib/playbook.yml 
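Review bot: As far as the four-line hunk shows, the file ends after `dev: 'dev',` with the `const names = {` literal never closed, so `node getK8sClusterNameByEnv.js` fails with a SyntaxError, and nothing else in this series references it. Either finish it (it appears to duplicate the table in checkK8sClusterNameByEnv.js, which could simply export it) or leave it out of the commit.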
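Review bot: The play defines and prints `deploy_dev` while deploy.sh invokes it with `--extra-vars "deploy_env=..."`, so the debug task always shows the hard-coded "dev" and nothing in the play varies with the operator's choice; rename the var to `deploy_env` (e.g. `deploy_env: dev` as a default) and print that. The `pip` task installs `openshift`, `pyyaml` and `kubernetes` unpinned into whichever interpreter Ansible runs under, so a deploy can silently pull a new release of the client library; pin versions or move them to a requirements file with a comment saying which interpreter they target.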
@@ -21,4 +21,25 @@ api_version: v1 kind: Namespace state: present - + - name: Install keycloak operator + community.kubernetes.k8s: + state: present + definition: '{{ item }}' + with_items: '{{ lookup("url", "https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/22.0.5/kubernetes/keycloaks.k8s.keycloak.org-v1.yml", split_lines=False) | from_yaml_all | list }}' + when: item is not none + no_log: True + - name: Install keycloak operator 2 + community.kubernetes.k8s: + state: present + definition: '{{ item }}' + with_items: '{{ lookup("url", "https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/22.0.5/kubernetes/keycloakrealmimports.k8s.keycloak.org-v1.yml", split_lines=False) | from_yaml_all | list }}' + when: item is not none + no_log: True + - name: Deploy keycloak operator + community.kubernetes.k8s: + state: present + definition: '{{ item }}' + namespace: keycloak-next + with_items: '{{ lookup("url", "https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/22.0.5/kubernetes/kubernetes.yml", split_lines=False) | from_yaml_all | list }}' + when: item is not none + no_log: True From aca308c50dd567cdf1172d0138552d2b2aea3016 Mon Sep 17 00:00:00 2001 
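Review bot: The three new tasks apply cluster-scoped CRDs and the operator manifests fetched from raw.githubusercontent.com at run time, and `no_log: True` on each hides both the fetched content and the `k8s` module's error detail, so a rejected or altered manifest leaves no trace in the play output. These definitions carry no secrets, so `no_log` buys nothing here and should be dropped. Pinning to the `22.0.5` tag is good, but a tag can be moved; vendoring the three files into the repo (or checking a recorded checksum of the downloaded text before `from_yaml_all`) makes what reaches the cluster exactly what was reviewed.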
From: dadiorchen Date: Thu, 2 Nov 2023 09:48:07 +0000 Subject: [PATCH 03/25] chore: can run keycloak connecting to db --- keycloak/lib/kubernetes/base/deployment.yaml | 47 +++++++++++++++++++ .../lib/kubernetes/base/kustomization.yaml | 4 ++ .../overlays/development/deployment.yaml | 6 +++ .../overlays/development/kustomization.yaml | 6 +++ .../overlays/development/sealed-secret.yaml | 15 ++++++ keycloak/lib/playbook.yml | 6 +++ 6 files changed, 84 insertions(+) create mode 100644 keycloak/lib/kubernetes/base/deployment.yaml create mode 100644 keycloak/lib/kubernetes/base/kustomization.yaml create mode 100644 keycloak/lib/kubernetes/overlays/development/deployment.yaml create mode 100644 keycloak/lib/kubernetes/overlays/development/kustomization.yaml create mode 100644 keycloak/lib/kubernetes/overlays/development/sealed-secret.yaml diff --git a/keycloak/lib/kubernetes/base/deployment.yaml b/keycloak/lib/kubernetes/base/deployment.yaml new file mode 100644 index 0000000..213c70c --- /dev/null +++ b/keycloak/lib/kubernetes/base/deployment.yaml @@ -0,0 +1,47 @@ +apiVersion: k8s.keycloak.org/v2alpha1 +kind: Keycloak +metadata: + name: keycloak + namespace: keycloak-next +spec: + instances: 1 + #image: dadiorchen/keycloak:1.1 + #db: + #vendor: postgres + # http: + # tlsSecret: example-tls-secret + #hostname: + #hostname: example-kc-service.keycloak.svc.cluster.local + http: + httpEnabled: true + hostname: + strict: false + strictBackchannel: false + unsupported: + podTemplate: + spec: + containers: + - name: keycloak + env: + - name: KC_LOG_LEVEL + value: INFO + - name: KC_DB + value: postgres + - name: KC_DB_SCHEMA + value: keycloak + - name: KC_DB_USERNAME + value: doadmin + - name: KC_DB_PASSWORD + valueFrom: + secretKeyRef: + name: keycloak-secret + key: password + - name: KC_DB_URL_HOST + valueFrom: + secretKeyRef: + name: keycloak-secret + key: host + - name: KC_DB_URL_PORT + value: "25060" + - name: KC_DB_URL_DATABASE + value: treetracker 
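Review bot: `KC_DB_USERNAME` is the literal `doadmin`, the managed database's admin account, while `KC_DB_SCHEMA` confines Keycloak to the `keycloak` schema; Keycloak only needs a role with rights on that schema, so create a dedicated DB user and read it from the same `keycloak-secret` the password comes from (`valueFrom.secretKeyRef` with a `username` key) instead of hard-coding the admin login — the same value is carried into the Deployment rewrite in patch 07. `http.httpEnabled: true`, `hostname.strict: false` and `strictBackchannel: false` switch off the hostname/issuer checks; acceptable for a dev overlay, but they sit in `base/` where every overlay inherits them, so add a comment stating why or move them to the development overlay.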
diff --git a/keycloak/lib/kubernetes/base/kustomization.yaml b/keycloak/lib/kubernetes/base/kustomization.yaml new file mode 100644 index 0000000..42835f5 --- /dev/null +++ b/keycloak/lib/kubernetes/base/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- deployment.yaml diff --git a/keycloak/lib/kubernetes/overlays/development/deployment.yaml b/keycloak/lib/kubernetes/overlays/development/deployment.yaml new file mode 100644 index 0000000..76b7386 --- /dev/null +++ b/keycloak/lib/kubernetes/overlays/development/deployment.yaml @@ -0,0 +1,6 @@ +apiVersion: k8s.keycloak.org/v2alpha1 +kind: Keycloak +metadata: + name: keycloak + namespace: keycloak-next +spec: diff --git a/keycloak/lib/kubernetes/overlays/development/kustomization.yaml b/keycloak/lib/kubernetes/overlays/development/kustomization.yaml new file mode 100644 index 0000000..a4bd22b --- /dev/null +++ b/keycloak/lib/kubernetes/overlays/development/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: + - ../../base +resources: + - sealed-secret.yaml diff --git a/keycloak/lib/kubernetes/overlays/development/sealed-secret.yaml b/keycloak/lib/kubernetes/overlays/development/sealed-secret.yaml new file mode 100644 index 0000000..dac0fd7 --- /dev/null +++ b/keycloak/lib/kubernetes/overlays/development/sealed-secret.yaml @@ -0,0 +1,15 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: keycloak-secret + namespace: keycloak-next +spec: + encryptedData: + password: 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 + host: 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 + template: + metadata: + creationTimestamp: null + name: keycloak-secret + namespace: keycloak-next diff --git a/keycloak/lib/playbook.yml b/keycloak/lib/playbook.yml index 1c9c2c5..56f3f09 100644 --- a/keycloak/lib/playbook.yml +++ b/keycloak/lib/playbook.yml 
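Review bot: The new overlays/development/deployment.yaml declares a Keycloak CR with an empty `spec:` and is not listed anywhere — the overlay kustomization.yaml in the same commit has `resources:` with only `sealed-secret.yaml` — so it is dead as committed; either register it as a strategic-merge patch with real overrides or drop it. In that kustomization.yaml, `bases:` is deprecated in current kustomize; `resources:` with `- ../../base` and `- sealed-secret.yaml` does the same job.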
@@ -43,3 +43,9 @@ with_items: '{{ lookup("url", "https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/22.0.5/kubernetes/kubernetes.yml", split_lines=False) | from_yaml_all | list }}' when: item is not none no_log: True + - name: Deploy keycloak instance + community.kubernetes.k8s: + state: present + namespace: keycloak-next + src: kubernetes/deployment.yaml + From d55683f34c10c7d76f59b00472ab43fb78fe8716 Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Fri, 3 Nov 2023 06:52:29 +0000 Subject: [PATCH 04/25] fix: sum check problem --- keycloak/README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/keycloak/README.md b/keycloak/README.md index 481c2f9..e8fd7d2 100644 --- a/keycloak/README.md +++ b/keycloak/README.md @@ -21,3 +21,10 @@ ansible-galaxy collection install community.kubernetes chmod +x deploy.sh ./deploy.sh ``` + + +# Troubleshooting + +## Error: "changesets check sum: Validation Failed" + +This is because of the table: `databasechangelog` in the database, can be solved by cleaning up the whole schema tables.; From 1ff04b49694474826cc10e4ada4386aa10999a8d Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Fri, 3 Nov 2023 07:35:22 +0000 Subject: [PATCH 05/25] chore: password for admin --- keycloak/lib/kubernetes/base/deployment.yaml | 12 +++++++++++- .../overlays/development/sealed-secret.yaml | 2 ++ sealed-secrets/keycloak-secret-sealed-secret.yaml | 15 +++++++++++++++ 3 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 sealed-secrets/keycloak-secret-sealed-secret.yaml diff --git a/keycloak/lib/kubernetes/base/deployment.yaml b/keycloak/lib/kubernetes/base/deployment.yaml index 213c70c..d46f4f3 100644 --- a/keycloak/lib/kubernetes/base/deployment.yaml +++ b/keycloak/lib/kubernetes/base/deployment.yaml @@ -5,7 +5,7 @@ metadata: namespace: keycloak-next spec: instances: 1 - #image: dadiorchen/keycloak:1.1 + image: dadiorchen/keycloak:1.1 #db: #vendor: postgres # http: 
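Review bot: `src: kubernetes/deployment.yaml` does not name any file this commit adds: the manifest is at `lib/kubernetes/base/deployment.yaml`, and whether Ansible resolves `src` against the playbook directory or the working directory, the result is `lib/kubernetes/deployment.yaml` or `kubernetes/deployment.yaml`, neither of which exists, so the task most likely fails with file-not-found. Point it at `kubernetes/base/deployment.yaml`, or, since the commit also adds kustomization files, render the overlay with the `kubernetes.core.kustomize` lookup so the sealed secret is applied together with the CR.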
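Review bot: `image: dadiorchen/keycloak:1.1` points the CR at a personal Docker Hub repository by mutable tag, so what runs in `keycloak-next` depends on whoever can push that tag and can change between deploys without any diff here. Pin by digest, `image: dadiorchen/keycloak@sha256:<digest-placeholder>`, and commit the Dockerfile that produced the image next to the manifests (patch 10 in this series adds one under keycloak/lib/docker) so the build is reproducible from the repo.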
@@ -45,3 +45,13 @@ spec: value: "25060" - name: KC_DB_URL_DATABASE value: treetracker + - name: KEYCLOAK_ADMIN + valueFrom: + secretKeyRef: + name: keycloak-secret + key: admin_username + - name: KEYCLOAK_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: keycloak-secret + key: admin_password diff --git a/keycloak/lib/kubernetes/overlays/development/sealed-secret.yaml b/keycloak/lib/kubernetes/overlays/development/sealed-secret.yaml index dac0fd7..25a7fed 100644 --- a/keycloak/lib/kubernetes/overlays/development/sealed-secret.yaml +++ b/keycloak/lib/kubernetes/overlays/development/sealed-secret.yaml 
@@ -8,6 +8,8 @@ spec: encryptedData: password: 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 host: AgAvCMRMr45etq0BdXykCiNmo3EVzdHsuFcNj4cAzpWk2nMwg9ShK017hRtYx7xJrqJdOIoGzhOgqX/qTQ5BFws5A46kW6d2FXBFyfx4R5lDaMBjiaaY+VGg0lqEv68/wFHCSg75c9Wyvq91CmdMdad+sB5yxatEvMY9PqrDYPeDte2Ri274Qrxd/BmnhUrTMwfYhZ8/LTzPL5B5Iw80w5T4IaM5ZgDonRx0s92TJOf431MAdBdEVYVP2krErpxLDMHeqd8mnfe29zXMXfM3Ihl2SJeDkXow0vMNpmxmvaPpTItLP2IASptW8bR3EaAcWcTzZM3IguCzTxHs4H/+Xl8aE1BfX6RsAhTd2iXKnAdZLkbfF8ymKP8a7bSPVR2sZF7I1WHISLkbbop2kBTEdtItwMXkO/SwgCgNazENmFUCeQRpllrpkSpUjgMulacCWqpzv9dIGlOeFCKDFgqrZd3Pv6e/ut54mAXWZm5alMxR36l/PYBNh0TMuEkn6b38hEWUO45u9C2XbF0S9+h+BWz2Bt1ij3iSGkoFYSnAnMYXZ3t42s6xtG9Gq7+pRSQu6JoY+frU2RrMbuw+1fI0bBX+NsfUpDhqhEghg2p2rVf+SeS147OJ0QG8JtAdWTnaXtUJkE/PGBrp0b41TB2Q1mSW85xFmCv8kkE2AAv1MhPm4bGhIuFUtBYb1JVLtnER5L61pQzrqknee20gxS+ta5JcD63LbrOUtTu48Xqamji3G/lhkrwAS8O4TY3tBaihUbaJkOsSTtnqvWzDbeqDQFNKv9A= + admin_username: AgA/X2kBuFzO8IEKhGNLwJi7NpsuoO54uhHYhNZzIxSWOFp/zouu5Ib4TXd8APk/GnGG/IN8FMbNzqHJQUNQS1mG2HV8/tHbzXda1pnf3RHDLZb5el8nS9ehFybx4yT+X6AbUwgCYuo5A6YtgeoHCDVi3wj02XSrxFgK498E7g1pbUXw9tQgI4hd1dgRXHahGv+cA8KD5jaLBv6wLo07H9TVtT5dY4ZnIAFoRkNQDhIVToAxLRBLJgsqKo90PrHo3EqX7riThbJsL0FEQR11JbfnnCTuj+wwzI8a3opmSVBxGpFs0d7d9oRYtRAsX9BJrWv2e14bEhoK9e/yAGlkHpQzvqnH9mZsvFKze3gXrbc+WUHK02SV4c4bL4ym+yG7xfTb6/0gIVytjFVM6C7YXQ4ltZl4cERzA/n+IWB1YKaU1ChdPtDcecQHgaxlaEPTL4MS3NOsV8jJDhmZgztYJZNJ+crfavx2CG1McBFdJohTKJZznSzE1BZHfJSnJo1N82FWff7ryf7gxToVusdAHxNQokZQ+uy1I3sa8BwDIp5PuuAl22qNfdHRag0TBBZw9aTBoLrnWpf/7JbKSrky6MHY28JaKKUnOywfwEux7HAzG65TVsXbzhvhb4C4MG6qL4cnlcxbKAcbZ81ci8HRMvpFMzBG63j1ijaoKkgozNXTt2Z1fdNhZTwuOhSYop9bQTSxoMqN9g== + admin_password: 
AgBUBQAfA67jDNjdb7bc8zNLHnTBR/UAd5U1jxQTprCjxrNA1RAgzJhQCwQGyXdnKQsTiZcB+AzvvJcj4Q1fbrrQTlyZ8lRLCaydkUPIyjUDUTp/RHZ76kncdQ0aU8Rs2Io/sDbXNO3PA0uPFS9u+4dHTboAUTKr4IWK/Oeke2aX3i6LA6cZOfAjfKDEjHcDWkXecT+dY0vX1b0qWhtKezI1i43ylPMF7ilHcJXsaXvec8WCz3irKzLsV1iobBgD8UnVjbpgX/DUlLnnBd/TvTmg1hPlzhJqkwDZ8GMaEg4gUfxoZMHwoYKl15lM3XEF0iyjqd45k39Lo6hdv2fCCXVfx1J9tGXC1Etp0l8DQqLHlCoELxXVDgx6t7RDpwBb5cvTRONW7mR2qLw8JBC0tdKK0Uix9mJyB0OyRxwUkMsUV3c4WrdDt1AUv6+kPsSc64rm3hcMd2LpXZfc37lb0UPNDPc2xLoCitfl3AeJ50wP9G2m/FfyW8JBa3SBoymq0cnmFXm8yfC5yyWa1rqH0CmNKl5AnOhCKia45cH6r4OKGBmnbDZ7wSw4+QPTB9toXYJfqts0iPNR4TiE+OBzFIZ8W37jp/cbX6gKAz1h7ONKYx/Vd5lzHdyw0spo+wahXLZH3fIOT25BmSRympsNm/s+z5zykXp3TCP+HZoTyO1mXlONsgqYyXqU7te3jyvQNwed4QWWP+d2JbqMqS4= template: metadata: creationTimestamp: null diff --git a/sealed-secrets/keycloak-secret-sealed-secret.yaml b/sealed-secrets/keycloak-secret-sealed-secret.yaml new file mode 100644 index 0000000..538a8ad --- /dev/null +++ b/sealed-secrets/keycloak-secret-sealed-secret.yaml @@ -0,0 +1,15 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: keycloak-secret + namespace: keycloak-next +spec: + encryptedData: + admin_password: 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 + template: + metadata: + creationTimestamp: null + name: keycloak-secret + namespace: keycloak-next + From 8ec4242b762093a1e9eea0e98f096c038ae2e806 Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Fri, 3 Nov 2023 09:11:54 +0000 Subject: [PATCH 06/25] chore:can open in ambaddasdor --- keycloak/lib/kubernetes/base/kustomization.yaml | 1 + keycloak/lib/kubernetes/base/mapping.yaml | 11 +++++++++++ 2 files changed, 12 insertions(+) create mode 100644 keycloak/lib/kubernetes/base/mapping.yaml diff --git a/keycloak/lib/kubernetes/base/kustomization.yaml b/keycloak/lib/kubernetes/base/kustomization.yaml index 42835f5..2b1bf5a 100644 --- a/keycloak/lib/kubernetes/base/kustomization.yaml +++ b/keycloak/lib/kubernetes/base/kustomization.yaml 
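Review bot: The new sealed-secrets/keycloak-secret-sealed-secret.yaml is a second SealedSecret with the same `name`/`namespace` (`keycloak-secret` in `keycloak-next`) as the overlay file edited in this same commit, but it carries only `admin_password`; the controller unseals each into a Secret of that name, so whichever is applied last wins and the other keys (`password`, `host`, `admin_username`) vanish, and the pod fails on a missing secret key. Keep one SealedSecret per Secret — the overlay already gains `admin_username` and `admin_password` here, so this duplicate should be removed or given a distinct name. A short comment in the overlay file noting that these values are sealed against the dev cluster's key and must be re-sealed per cluster would save the next deployer a confusing decrypt failure.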
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - deployment.yaml +- mapping.yaml diff --git a/keycloak/lib/kubernetes/base/mapping.yaml b/keycloak/lib/kubernetes/base/mapping.yaml new file mode 100644 index 0000000..1612a6e --- /dev/null +++ b/keycloak/lib/kubernetes/base/mapping.yaml @@ -0,0 +1,11 @@ +apiVersion: getambassador.io/v2 +kind: Mapping +metadata: + name: treetracker-keycloak-mapping + namespace: keycloak-next +spec: + # mapping to the service on port 8080 + prefix: /keycloak/ + service: keycloak-service:8080 + rewrite: / + timeout_ms: 0 From d3cd877cc5b9b08b43f5b83bd4a243f473da16db Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Fri, 3 Nov 2023 10:25:49 +0000 Subject: [PATCH 07/25] chore: can access with admin password, with ambassador (solve the proxy problem) --- keycloak/lib/kubernetes/base/deployment.yaml | 107 +++++++++--------- .../lib/kubernetes/base/kustomization.yaml | 1 + keycloak/lib/kubernetes/base/mapping.yaml | 2 +- keycloak/lib/kubernetes/base/service.yaml | 13 +++ .../overlays/development/deployment.yaml | 6 - 5 files changed, 68 insertions(+), 61 deletions(-) create mode 100644 keycloak/lib/kubernetes/base/service.yaml delete mode 100644 keycloak/lib/kubernetes/overlays/development/deployment.yaml diff --git a/keycloak/lib/kubernetes/base/deployment.yaml b/keycloak/lib/kubernetes/base/deployment.yaml index d46f4f3..66d0f40 100644 --- a/keycloak/lib/kubernetes/base/deployment.yaml +++ b/keycloak/lib/kubernetes/base/deployment.yaml 
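Review bot: The Mapping publishes everything under `/keycloak/`, which puts the admin console and admin REST API on the same public prefix as the login endpoints, and `timeout_ms: 0` removes the upstream timeout. Add a more specific Mapping for the admin path that is restricted (source allow-list or an auth filter) or not exposed at all, and give the public one a finite `timeout_ms`. A comment in the file should state that `keycloak-service:8080` is plain HTTP inside the cluster and that TLS is terminated at Ambassador, since the Keycloak side is configured on that assumption.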
@@ -1,57 +1,56 @@ -apiVersion: k8s.keycloak.org/v2alpha1 -kind: Keycloak +# deployment for keycloak +apiVersion: apps/v1 +kind: Deployment metadata: - name: keycloak + name: treetracker-keycloak-deployment namespace: keycloak-next spec: - instances: 1 - image: dadiorchen/keycloak:1.1 - #db: - #vendor: postgres - # http: - # tlsSecret: example-tls-secret - #hostname: - #hostname: example-kc-service.keycloak.svc.cluster.local - http: - httpEnabled: true - hostname: - strict: false - strictBackchannel: false - unsupported: - podTemplate: - spec: - containers: - - name: keycloak - env: - - name: KC_LOG_LEVEL - value: INFO - - name: KC_DB - value: postgres - - name: KC_DB_SCHEMA - value: keycloak - - name: KC_DB_USERNAME - value: doadmin - - name: KC_DB_PASSWORD - valueFrom: - secretKeyRef: - name: keycloak-secret - key: password - - name: KC_DB_URL_HOST - valueFrom: - secretKeyRef: - name: keycloak-secret - key: host - - name: KC_DB_URL_PORT - value: "25060" - - name: KC_DB_URL_DATABASE - value: treetracker - - name: KEYCLOAK_ADMIN - valueFrom: - secretKeyRef: - name: keycloak-secret - key: admin_username - - name: KEYCLOAK_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: keycloak-secret - key: admin_password + replicas: 1 + selector: + matchLabels: + app: treetracker-keycloak + template: + metadata: + labels: + app: treetracker-keycloak + spec: + containers: + - name: treetracker-keycloak + image: dadiorchen/keycloak:1.3 + env: + - name: KC_LOG_LEVEL + value: INFO + - name: KC_DB + value: postgres + - name: KC_DB_SCHEMA + value: keycloak + - name: KC_DB_USERNAME + value: doadmin + - name: KC_DB_PASSWORD + valueFrom: + secretKeyRef: + name: keycloak-secret + key: password + - name: KC_DB_URL_HOST + valueFrom: + secretKeyRef: + name: keycloak-secret + key: host + - name: KC_DB_URL_PORT + value: "25060" + - name: KC_DB_URL_DATABASE + value: treetracker + - name: KEYCLOAK_ADMIN + valueFrom: + secretKeyRef: + name: keycloak-secret + key: admin_username + - name: 
KEYCLOAK_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: keycloak-secret + key: admin_password + - name: KC_HTTP_RELATIVE_PATH + value: "/keycloak" + - name: KC_PROXY + value: "edge" diff --git a/keycloak/lib/kubernetes/base/kustomization.yaml b/keycloak/lib/kubernetes/base/kustomization.yaml index 2b1bf5a..5da18dd 100644 --- a/keycloak/lib/kubernetes/base/kustomization.yaml +++ b/keycloak/lib/kubernetes/base/kustomization.yaml @@ -3,3 +3,4 @@ kind: Kustomization resources: - deployment.yaml - mapping.yaml +- service.yaml diff --git a/keycloak/lib/kubernetes/base/mapping.yaml b/keycloak/lib/kubernetes/base/mapping.yaml index 1612a6e..0349886 100644 --- a/keycloak/lib/kubernetes/base/mapping.yaml +++ b/keycloak/lib/kubernetes/base/mapping.yaml @@ -7,5 +7,5 @@ spec: # mapping to the service on port 8080 prefix: /keycloak/ service: keycloak-service:8080 - rewrite: / + rewrite: /keycloak/ timeout_ms: 0 diff --git a/keycloak/lib/kubernetes/base/service.yaml b/keycloak/lib/kubernetes/base/service.yaml new file mode 100644 index 0000000..ad18a2a --- /dev/null +++ b/keycloak/lib/kubernetes/base/service.yaml @@ -0,0 +1,13 @@ +# service for keycloak +apiVersion: v1 +kind: Service +metadata: + name: keycloak-service + namespace: keycloak-next +spec: + selector: + app: treetracker-keycloak + ports: + - protocol: TCP + port: 8080 + targetPort: 8080 diff --git a/keycloak/lib/kubernetes/overlays/development/deployment.yaml b/keycloak/lib/kubernetes/overlays/development/deployment.yaml deleted file mode 100644 index 76b7386..0000000 --- a/keycloak/lib/kubernetes/overlays/development/deployment.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: k8s.keycloak.org/v2alpha1 -kind: Keycloak -metadata: - name: keycloak - namespace: keycloak-next -spec: From e4e4d0a43980082df1783a770f32d3590fc6659a Mon Sep 17 00:00:00 2001 
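Review bot: `KC_PROXY: "edge"` makes Keycloak trust `X-Forwarded-*` headers from whatever reaches port 8080, and no `KC_HOSTNAME` is set; if the image runs `start-dev` as the Dockerfile added in patch 10 does, hostname strictness is off and the issuer and redirect URLs are taken from the request, so any in-cluster client that can reach the ClusterIP Service can influence what Keycloak puts in its tokens. Set `KC_HOSTNAME` (or `KC_HOSTNAME_URL`) explicitly to the public hostname and keep `edge` only because Ambassador terminates TLS. The container also has no `resources`, no `securityContext` (`runAsNonRoot: true`, `allowPrivilegeEscalation: false`) and no readiness/liveness probes, although the same Dockerfile sets `KC_HEALTH_ENABLED=true`, which makes `/health/ready` available to probe.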
From: dadiorchen Date: Sat, 4 Nov 2023 03:37:08 +0000 Subject: [PATCH 08/25] feat: raw client can login --- .../base/deployment-raw-client.yaml | 285 ++++++++++++++++++ keycloak/lib/kubernetes/base/deployment.yaml | 2 +- .../lib/kubernetes/base/kustomization.yaml | 1 + keycloak/test-website/index.html | 243 +++++++++++++++ 4 files changed, 530 insertions(+), 1 deletion(-) create mode 100644 keycloak/lib/kubernetes/base/deployment-raw-client.yaml create mode 100644 keycloak/test-website/index.html diff --git a/keycloak/lib/kubernetes/base/deployment-raw-client.yaml b/keycloak/lib/kubernetes/base/deployment-raw-client.yaml new file mode 100644 index 0000000..ddbb38e --- /dev/null +++ b/keycloak/lib/kubernetes/base/deployment-raw-client.yaml @@ -0,0 +1,285 @@ +# deployment a test client for keycloak +apiVersion: apps/v1 +kind: Deployment +metadata: + name: treetracker-keycloak-raw-client + namespace: keycloak-next +spec: + replicas: 1 + selector: + matchLabels: + app: treetracker-keycloak-raw-client + template: + metadata: + labels: + app: treetracker-keycloak-raw-client + spec: + containers: + - name: treetracker-keycloak + image: node + command: + - "sh" + - "-c" + - | + cd / + mkdir raw-client + cd raw-client + cat < index.html + + + + + + Treetracker Raw Client! + + + + + + + + + + + +

Treetracker Raw Client

+ + +
+

Welcome:

+

User Info

+ + + + + + + + + + + + + + + + + +
username:
email:
roles: +
    +
+
user id: +
+
+ + + + + EOF + npx --yes serve -l 8080 . + env: + - name: TEST_CLIENT_URL + value: http://167.172.8.145 + - name: TEST_CLIENT_REALM + value: treetracker + - name: TEST_CLIENT_CLIENT_ID + value: raw-client diff --git a/keycloak/lib/kubernetes/base/deployment.yaml b/keycloak/lib/kubernetes/base/deployment.yaml index 66d0f40..5dcd599 100644 --- a/keycloak/lib/kubernetes/base/deployment.yaml +++ b/keycloak/lib/kubernetes/base/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: treetracker-keycloak-deployment + name: treetracker-keycloak namespace: keycloak-next spec: replicas: 1 diff --git a/keycloak/lib/kubernetes/base/kustomization.yaml b/keycloak/lib/kubernetes/base/kustomization.yaml index 5da18dd..7ee3464 100644 --- a/keycloak/lib/kubernetes/base/kustomization.yaml +++ b/keycloak/lib/kubernetes/base/kustomization.yaml @@ -2,5 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - deployment.yaml +- deployment-raw-client.yaml - mapping.yaml - service.yaml diff --git a/keycloak/test-website/index.html b/keycloak/test-website/index.html new file mode 100644 index 0000000..0bf4e03 --- /dev/null +++ b/keycloak/test-website/index.html @@ -0,0 +1,243 @@ + + + + + + Treetracker Raw Client + + + + + + + + + +
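Review bot: `TEST_CLIENT_URL` is `http://167.172.8.145`, so the test client sends users to Keycloak over plain HTTP to a bare IP and receives the authorization code and tokens in cleartext; even for a throwaway client this should be the `https://` hostname Ambassador serves. The visible hunk does not show the page reading these env vars, and `serve` delivers static files without substitution, so either the values are baked into the heredoc or the variables are unused — a comment saying which would help. The pod pulls `image: node` with no tag and runs `npx --yes serve` at start-up, so every restart downloads the latest `serve` from npm; pin the node tag and `serve@<version-placeholder>`, or bake it into an image.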

Treetracker Raw Client

+ + +
+ + + + From b6857cde95700713ecce83ef405d2d65f7df8909 Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Sat, 4 Nov 2023 04:20:35 +0000 Subject: [PATCH 09/25] feat: good ui --- keycloak/lib/kubernetes/base/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/keycloak/lib/kubernetes/base/deployment.yaml b/keycloak/lib/kubernetes/base/deployment.yaml index 5dcd599..97d1e93 100644 --- a/keycloak/lib/kubernetes/base/deployment.yaml +++ b/keycloak/lib/kubernetes/base/deployment.yaml @@ -16,7 +16,7 @@ spec: spec: containers: - name: treetracker-keycloak - image: dadiorchen/keycloak:1.3 + image: dadiorchen/keycloak:1.5 env: - name: KC_LOG_LEVEL value: INFO From 1924c8cbe66420707107770586811050249ac542 Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Sat, 4 Nov 2023 12:21:59 +0800 Subject: [PATCH 10/25] feat: docker image --- keycloak/lib/docker/Dockerfile | 23 ++++++++++++ .../login/resources/css/treetracker.css | 35 +++++++++++++++++++ .../login/resources/js/treetracker.js | 18 ++++++++++ .../themes/treetracker/login/theme.properties | 5 +++ 4 files changed, 81 insertions(+) create mode 100644 keycloak/lib/docker/Dockerfile create mode 100644 keycloak/lib/docker/themes/treetracker/login/resources/css/treetracker.css create mode 100644 keycloak/lib/docker/themes/treetracker/login/resources/js/treetracker.js create mode 100644 keycloak/lib/docker/themes/treetracker/login/theme.properties diff --git a/keycloak/lib/docker/Dockerfile b/keycloak/lib/docker/Dockerfile new file mode 100644 index 0000000..dd61cdd --- /dev/null +++ b/keycloak/lib/docker/Dockerfile 
@@ -0,0 +1,23 @@
+#
+#RUN /opt/keycloak/bin/kc.sh build
+#
+#FROM quay.io/keycloak/keycloak:22.0.4
+#ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
+
+FROM quay.io/keycloak/keycloak:latest as builder
+ENV KC_HEALTH_ENABLED=true
+ENV KC_METRICS_ENABLED=true
+
+# Configure a database vendor
+ENV KC_DB=postgres
+
+WORKDIR /opt/keycloak
+
+# Copy the theme
+COPY ./themes/treetracker /opt/keycloak/themes/treetracker
+#RUN /opt/keycloak/bin/kc.sh build
+
+FROM quay.io/keycloak/keycloak:latest
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start-dev"]
diff --git a/keycloak/lib/docker/themes/treetracker/login/resources/css/treetracker.css b/keycloak/lib/docker/themes/treetracker/login/resources/css/treetracker.css
new file mode 100644
index 0000000..9647e60
--- /dev/null
+++ b/keycloak/lib/docker/themes/treetracker/login/resources/css/treetracker.css
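Review bot: The final `ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start-dev"]` ships dev mode in the image the Deployment runs in `keycloak-next`; `start-dev` relaxes the hostname and HTTP checks and skips the optimized build, and the `kc.sh build` step that would bake `KC_DB=postgres` in is commented out twice. Use `RUN /opt/keycloak/bin/kc.sh build` in the builder stage and `ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--optimized"]` in the final stage, keeping `start-dev` for a local compose file. Both `FROM quay.io/keycloak/keycloak:latest` lines float; pin to a version (the commented-out line shows `22.0.4` was intended) or a digest so the theme is built against a known Keycloak.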
@@ -0,0 +1,35 @@ +.login-pf body { + /*background: url(https://treetracker-production-images.s3.eu-central-1.amazonaws.com/2023.09.23.14.04.00_0.45559833333333327_109.32892366666664_5e5b8f08-2f3f-46f7-adbe-967030e48266_IMG_20230829_091903_642222451085378253.jpg) no-repeat center center fixed;*/ + /*background: url(https://treetracker-production-images.s3.eu-central-1.amazonaws.com/2023.04.21.03.36.20_8.485640049999999_-13.254117873333334_27928e01-6f29-4ac0-bee2-df494f3a1363_IMG_20230412_170116_1704432758494134189.jpg) no-repeat left 35%;*/ + background: url(https://treetracker-production-images.s3.eu-central-1.amazonaws.com/2023.08.22.16.08.58_0.5209260000000022_109.31300000000013_12dad55b-8dac-4224-93ba-de8631460ac7_IMG_20230822_151206_4872363611904227603.jpg) no-repeat left 35%; + background-size: cover; +} +div.kc-logo-text { + /*background-image: url(https://map.treetracker.org/images/treetracker_logo.svg);*/ + background-image: url(https://map.treetracker.org/images/treetracker_logo_white.svg); +} +:root { + --pf-global--primary-color--100: #86C232; + --pf-global--primary-color--200: #a6dc5a; + --pf-global--primary-color--dark-100: #86C232; + --pf-global--primary-color--light-100: #a6dc5a; + --pf-global--active-color--100: #68a119; + --pf-global--active-color--200: #b9ef6d; + --pf-global--active-color--300: #89e00f; + --pf-global--active-color--400: #80aa44; + --pf-global--link--Color: #61901f; + --pf-global--link--Color--hover: #547722; + --pf-global--link--Color--light: #b4ef62; + --pf-global--link--Color--light--hover: #b7e973; + --pf-global--link--Color--dark: #679822; + --pf-global--link--Color--dark--hover: #5e9413; + --pf-global--default-color--100: #86C232; + --pf-global--default-color--200: #a6dc5a; + --pf-global--default-color--300: #86C232; +} +@media (max-width: 767px) { + .login-pf-page .card-pf { + margin-left: 20px; + margin-right: 20px; + } +} 
diff --git a/keycloak/lib/docker/themes/treetracker/login/resources/js/treetracker.js b/keycloak/lib/docker/themes/treetracker/login/resources/js/treetracker.js new file mode 100644 index 0000000..b25b3e5 --- /dev/null +++ b/keycloak/lib/docker/themes/treetracker/login/resources/js/treetracker.js @@ -0,0 +1,18 @@ +// javascript to append a new div to body +var newDiv = document.createElement("div"); +newDiv.innerHTML = ` +
Find the tree on the background on our web map.
+`; + +// Append new div to body when the DOM is loaded +document.addEventListener("DOMContentLoaded", function(event) { + document.body.appendChild(newDiv); +}); diff --git a/keycloak/lib/docker/themes/treetracker/login/theme.properties b/keycloak/lib/docker/themes/treetracker/login/theme.properties new file mode 100644 index 0000000..ee8200a --- /dev/null +++ b/keycloak/lib/docker/themes/treetracker/login/theme.properties @@ -0,0 +1,5 @@ +parent=keycloak +import=common/keycloak +styles=web_modules/@fontawesome/fontawesome-free/css/icons/all.css web_modules/@patternfly/react-core/dist/styles/base.css web_modules/@patternfly/react-core/dist/styles/app.css node_modules/patternfly/dist/css/patternfly.min.css node_modules/patternfly/dist/css/patternfly-additions.min.css css/login.css css/treetracker.css +scripts=js/treetracker.js + From eda585f27f7ed66028d1f7b3df246b5ff1e50159 Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Sat, 4 Nov 2023 04:28:18 +0000 Subject: [PATCH 11/25] feat: can access from domain --- .../lib/kubernetes/base/deployment-raw-client.yaml | 8 ++++---- keycloak/lib/kubernetes/base/kustomization.yaml | 2 ++ .../lib/kubernetes/base/mapping-raw-client.yaml | 11 +++++++++++ keycloak/lib/kubernetes/base/mapping.yaml | 3 +++ .../lib/kubernetes/base/service-raw-client.yaml | 13 +++++++++++++ 5 files changed, 33 insertions(+), 4 deletions(-) create mode 100644 keycloak/lib/kubernetes/base/mapping-raw-client.yaml create mode 100644 keycloak/lib/kubernetes/base/service-raw-client.yaml diff --git a/keycloak/lib/kubernetes/base/deployment-raw-client.yaml b/keycloak/lib/kubernetes/base/deployment-raw-client.yaml index ddbb38e..59056e2 100644 --- a/keycloak/lib/kubernetes/base/deployment-raw-client.yaml +++ b/keycloak/lib/kubernetes/base/deployment-raw-client.yaml @@ -36,8 +36,8 @@ spec: --> - - + + @@ -83,6 +88,7 @@ spec:
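Review bot: `var newDiv` on the first line should be `const newDiv`, and the unused `event` parameter on the `DOMContentLoaded` listener can go. The markup is assigned through `innerHTML` from a template literal that is static today; add a comment, `// static markup only — never interpolate user or URL data here`, so a later edit does not turn the login page into an injection point, or build the link with `createElement`/`textContent` and `href` set as a property.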

Treetracker Raw Client

+

Welcome:

User Info

From 655e64e78c21afe56b0e9cd5066336fc5ff4b307 Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Sun, 5 Nov 2023 04:01:15 +0000 Subject: [PATCH 13/25] feat: can deploy by ansible --- keycloak/lib/kubernetes/base/deployment.yaml | 5 ++++- .../lib/kubernetes/overlays/development/sealed-secret.yaml | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/keycloak/lib/kubernetes/base/deployment.yaml b/keycloak/lib/kubernetes/base/deployment.yaml index 97d1e93..d5d04ea 100644 --- a/keycloak/lib/kubernetes/base/deployment.yaml +++ b/keycloak/lib/kubernetes/base/deployment.yaml @@ -25,7 +25,10 @@ spec: - name: KC_DB_SCHEMA value: keycloak - name: KC_DB_USERNAME - value: doadmin + valueFrom: + secretKeyRef: + name: keycloak-secret + key: username - name: KC_DB_PASSWORD valueFrom: secretKeyRef: diff --git a/keycloak/lib/kubernetes/overlays/development/sealed-secret.yaml b/keycloak/lib/kubernetes/overlays/development/sealed-secret.yaml index 25a7fed..6e876ec 100644 --- a/keycloak/lib/kubernetes/overlays/development/sealed-secret.yaml +++ b/keycloak/lib/kubernetes/overlays/development/sealed-secret.yaml @@ -6,7 +6,8 @@ metadata: namespace: keycloak-next spec: encryptedData: - password: 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 + username: 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 + password: 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 host: 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 admin_username: 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 admin_password: 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 From 4925fcb671bf9c294e6a36cfa0abab48ff78b730 Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Sun, 5 Nov 2023 04:02:54 +0000 Subject: [PATCH 14/25] chore:can deploy by ansbiel, with env var --- keycloak/lib/playbook.yml | 51 ++++++++++++++++++--------------------- 1 file changed, 24 insertions(+), 27 deletions(-) 
diff --git a/keycloak/lib/playbook.yml b/keycloak/lib/playbook.yml index 56f3f09..7b9a8b9 100644 --- a/keycloak/lib/playbook.yml +++ b/keycloak/lib/playbook.yml @@ -2,8 +2,13 @@ --- - hosts: localhost vars: - #TODO - deploy_dev: "dev" + envs: + dev: + kustomize_dir_name: development + test: + kustomize_dir_name: test + prod: + kustomize_dir_name: production tasks: - name: install pre-requisites pip: 
@@ -13,39 +18,31 @@ - kubernetes - name: Print environment variables debug: - # print var deploy_dev - msg: "Deploy to: {{ deploy_dev }}" + # print var deploy_env + msg: "Deploy to: {{ deploy_env }}" + - name: Set fact for kustomize dir by deploy_env from dictionary + set_fact: + kustomize_dir: "./lib/kubernetes/overlays/{{ envs[deploy_env].kustomize_dir_name }}" + - name: Print kustomize dir + debug: + msg: "kustomization dir: {{ kustomize_dir }}" + - name: Print k8s config + debug: + msg: "{{ lookup('kubernetes.core.kustomize', dir=kustomize_dir) }}" + - name: fail + fail: + msg: "Deploy to: {{ deploy_env }}" - name: Create a namespace for keycloak community.kubernetes.k8s: name: keycloak-next api_version: v1 kind: Namespace state: present - - name: Install keycloak operator - community.kubernetes.k8s: - state: present - definition: '{{ item }}' - with_items: '{{ lookup("url", "https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/22.0.5/kubernetes/keycloaks.k8s.keycloak.org-v1.yml", split_lines=False) | from_yaml_all | list }}' - when: item is not none - no_log: True - - name: Install keycloak operator 2 - community.kubernetes.k8s: - state: present - definition: '{{ item }}' - with_items: '{{ lookup("url", "https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/22.0.5/kubernetes/keycloakrealmimports.k8s.keycloak.org-v1.yml", split_lines=False) | from_yaml_all | list }}' - when: item is not none - no_log: True - - name: Deploy keycloak operator - community.kubernetes.k8s: - state: present - definition: '{{ item }}' - namespace: keycloak-next - with_items: '{{ lookup("url", "https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/22.0.5/kubernetes/kubernetes.yml", split_lines=False) | from_yaml_all | list }}' - when: item is not none - no_log: True + - name: Set fact for kustomize dir by deploy_env from dictionary + set_fact: - name: Deploy keycloak instance community.kubernetes.k8s: state: present namespace: keycloak-next - src: 
kubernetes/deployment.yaml + definition: "{{ lookup('kubernetes.core.kustomize', dir='./lib/kubernetes/overlays/development') }}" From 46f47b97099de8b91aa529afdba063799e5a5981 Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Sun, 5 Nov 2023 06:41:40 +0000 Subject: [PATCH 15/25] chore: can change domain for envs --- keycloak/lib/kubernetes/base/deployment-raw-client.yaml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/keycloak/lib/kubernetes/base/deployment-raw-client.yaml b/keycloak/lib/kubernetes/base/deployment-raw-client.yaml index 8820dc8..776551d 100644 --- a/keycloak/lib/kubernetes/base/deployment-raw-client.yaml +++ b/keycloak/lib/kubernetes/base/deployment-raw-client.yaml @@ -281,11 +281,8 @@ spec: EOF + sed -i "s/dev-k8s.treetracker.org/${RAW_CLIENT_URL}/g" index.html npx --yes serve -l 8080 . env: - - name: TEST_CLIENT_URL - value: https://167.172.8.145 - - name: TEST_CLIENT_REALM - value: treetracker - - name: TEST_CLIENT_CLIENT_ID - value: raw-client + - name: RAW_CLIENT_URL + value: dev-k8s.treetracker.org From 4fd7eb11cca8ed3a42e4f9300a1b2f2e847d0d8f Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Sun, 5 Nov 2023 06:45:52 +0000 Subject: [PATCH 16/25] chore: full version for dev --- keycloak/lib/playbook.yml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/keycloak/lib/playbook.yml b/keycloak/lib/playbook.yml index 7b9a8b9..51ebb30 100644 --- a/keycloak/lib/playbook.yml +++ b/keycloak/lib/playbook.yml 
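Review bot: The `kustomize_dir` fact is built from a cwd-relative path (`./lib/kubernetes/overlays/...`), so the `kubernetes.core.kustomize` lookup only resolves when the playbook is launched from the `keycloak/` directory the way `deploy.sh` does; anchoring it to the playbook's own location removes that dependency, e.g. `kustomize_dir: "{{ playbook_dir }}/kubernetes/overlays/{{ envs[deploy_env].kustomize_dir_name }}"`. The hunk also mixes the `community.kubernetes.k8s` module with the `kubernetes.core.kustomize` lookup; `community.kubernetes` is the old collection name that redirects to `kubernetes.core`, so `kubernetes.core.k8s` throughout keeps a single collection dependency. A `deploy_env` value with no `envs` entry currently fails with an undefined-variable error; an `assert` task checking `deploy_env in envs` before the `set_fact` gives the operator a clear message instead.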
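Review bot: The new `sed -i "s/dev-k8s.treetracker.org/${RAW_CLIENT_URL}/g" index.html` uses `/` as the delimiter and expands `RAW_CLIENT_URL` unescaped, so a value that ever contains `/` or `&` (a URL with a scheme or a path) changes the meaning of the expression instead of being substituted literally; the values set in this series are bare hostnames, so it works today. A delimiter that cannot appear in a hostname, `sed -i "s|dev-k8s\.treetracker\.org|${RAW_CLIENT_URL}|g" index.html`, with the dots escaped in the pattern makes the substitution exact. The container command starts before the hunk (the `EOF` on the first context line closes a heredoc that is outside the view).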
@@ -26,23 +26,15 @@ - name: Print kustomize dir debug: msg: "kustomization dir: {{ kustomize_dir }}" - - name: Print k8s config - debug: - msg: "{{ lookup('kubernetes.core.kustomize', dir=kustomize_dir) }}" - - name: fail - fail: - msg: "Deploy to: {{ deploy_env }}" - name: Create a namespace for keycloak community.kubernetes.k8s: name: keycloak-next api_version: v1 kind: Namespace state: present - - name: Set fact for kustomize dir by deploy_env from dictionary - set_fact: - name: Deploy keycloak instance community.kubernetes.k8s: state: present namespace: keycloak-next - definition: "{{ lookup('kubernetes.core.kustomize', dir='./lib/kubernetes/overlays/development') }}" + definition: "{{ lookup('kubernetes.core.kustomize', dir=kustomize_dir) }}" From c8380a64f1d1e41ecabdc9fee394277554176e7d Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Sun, 5 Nov 2023 22:33:11 +0000 Subject: [PATCH 17/25] feat: can apply keycloak to test --- database-grants/terraform/README.md | 4 ++++ database-grants/terraform/prod/main.tf | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/database-grants/terraform/README.md b/database-grants/terraform/README.md index 313ab3f..7f4e2a6 100644 --- a/database-grants/terraform/README.md +++ b/database-grants/terraform/README.md @@ -35,4 +35,8 @@ Apply: terraform apply -var-file=dev.env.tfvars ``` +# Troubleshooting +## Error: role or object does not exist + +When applying a new schema/grant, sometimes error reports xxx does not exist. But if you run it again, it works. Known issue [here](https://github.com/Greenstand/treetracker-infrastructure/issues/201) diff --git a/database-grants/terraform/prod/main.tf b/database-grants/terraform/prod/main.tf index de304f0..55c15a3 100644 --- a/database-grants/terraform/prod/main.tf +++ b/database-grants/terraform/prod/main.tf 
@@ -83,3 +83,10 @@ module "contracts_schema" { postgresql = postgresql.treetracker } } + +module "keycloak_schema" { + source = "./schemas/keycloak" + providers = { + postgresql = postgresql.treetracker + } +} From 1b52ffaff4cca61731e0a348be4c2681f861bdc8 Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Mon, 6 Nov 2023 02:16:47 +0000 Subject: [PATCH 18/25] chore: can deploy to test --- keycloak/deploy.sh | 13 ++++--------- keycloak/lib/js/checkK8sClusterNameByEnv.js | 2 +- keycloak/lib/js/getK8sClusterNameByEnv.js | 4 ---- keycloak/lib/kubernetes/base/mapping.yaml | 4 ++-- .../overlays/test/deployment-raw-client.yaml | 14 ++++++++++++++ .../overlays/test/kustomization.yaml | 9 +++++++++ .../overlays/test/sealed-secret.yaml | 18 ++++++++++++++++++ 7 files changed, 48 insertions(+), 16 deletions(-) delete mode 100644 keycloak/lib/js/getK8sClusterNameByEnv.js create mode 100644 keycloak/lib/kubernetes/overlays/test/deployment-raw-client.yaml create mode 100644 keycloak/lib/kubernetes/overlays/test/kustomization.yaml create mode 100644 keycloak/lib/kubernetes/overlays/test/sealed-secret.yaml diff --git a/keycloak/deploy.sh b/keycloak/deploy.sh index 01afdd5..32e8cdf 100755 --- a/keycloak/deploy.sh +++ b/keycloak/deploy.sh @@ -4,16 +4,13 @@ # Prompt user to choose the environment echo "Please choose the environment to deploy the keycloak" echo "1. dev" -echo "2. staging" +echo "2. test" echo "3. prod" -#TODO -#read -p "Enter your choice: " choice -#deploy_env=$(node -e 'console.log(["dev", "staging", "prod"][process.argv[1] - 1])' $choice) -choice=1 -deploy_env='dev' +read -p "Enter your choice: " choice +deploy_env=$(node -e 'console.log(["dev", "test", "prod"][process.argv[1] - 1])' $choice) echo "The environment to deploy is: $(echo ${deploy_env})" #TODO -#read -p "Enter any key to continue: " key +read -p "Enter any key to continue: " key # check the k8s cluster echo "Checking the k8s cluster" 
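Review bot: `deploy_env` is derived from the raw `choice` without validation, so any input other than 1–3 (including an empty line) makes the node one-liner print `undefined`, which then travels into the cluster check and only fails there with the misleading "cluster is wrong" message. A guard right after the `read`, `case "$choice" in 1|2|3) ;; *) echo "Invalid choice: ${choice}"; exit 1 ;; esac`, rejects bad input at the source, and `$choice` in the node call should be quoted as `"$choice"`. The `#TODO` left above the now-enabled `read -p "Enter any key to continue: " key` is stale and can go. The rest of the script continues outside the hunk.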
@@ -28,5 +25,3 @@ if [ "$is_cluster_ok" != "true" ]; then fi ansible-playbook lib/playbook.yml --extra-vars "deploy_env=${deploy_env}" - - diff --git a/keycloak/lib/js/checkK8sClusterNameByEnv.js b/keycloak/lib/js/checkK8sClusterNameByEnv.js index 976ffb5..4c986ec 100644 --- a/keycloak/lib/js/checkK8sClusterNameByEnv.js +++ b/keycloak/lib/js/checkK8sClusterNameByEnv.js @@ -10,7 +10,7 @@ const clusterNames = { prod: ['do-sfo2-prod-k8s-treetracker'], }; -if (clusterNames[env].includes(clusterName)) { +if (clusterNames[env]?.includes(clusterName)) { console.log('true'); }else { console.log('false'); diff --git a/keycloak/lib/js/getK8sClusterNameByEnv.js b/keycloak/lib/js/getK8sClusterNameByEnv.js deleted file mode 100644 index 799fb13..0000000 --- a/keycloak/lib/js/getK8sClusterNameByEnv.js +++ /dev/null @@ -1,4 +0,0 @@ -// usage: node getK8sClusterNameByEnv.js -const names = { - dev: 'dev', - diff --git a/keycloak/lib/kubernetes/base/mapping.yaml b/keycloak/lib/kubernetes/base/mapping.yaml index 555219f..e4392a2 100644 --- a/keycloak/lib/kubernetes/base/mapping.yaml +++ b/keycloak/lib/kubernetes/base/mapping.yaml @@ -10,5 +10,5 @@ spec: rewrite: /keycloak/ timeout_ms: 0 # cors: - origins: - - "*" + #origins: + # - "*" diff --git a/keycloak/lib/kubernetes/overlays/test/deployment-raw-client.yaml b/keycloak/lib/kubernetes/overlays/test/deployment-raw-client.yaml new file mode 100644 index 0000000..9a68904 --- /dev/null +++ b/keycloak/lib/kubernetes/overlays/test/deployment-raw-client.yaml @@ -0,0 +1,14 @@ +# deployment a test client for keycloak +apiVersion: apps/v1 +kind: Deployment +metadata: + name: treetracker-keycloak-raw-client + namespace: keycloak-next +spec: + template: + spec: + containers: + - name: treetracker-keycloak + env: + - name: RAW_CLIENT_URL + value: test-k8s.treetracker.org diff --git a/keycloak/lib/kubernetes/overlays/test/kustomization.yaml b/keycloak/lib/kubernetes/overlays/test/kustomization.yaml new file mode 100644 index 0000000..767c247 
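Review bot: The `?.` makes an unknown `env` print `false` instead of throwing, which is the safer contract for `deploy.sh`, but it also makes "unknown environment" indistinguishable from "wrong cluster" on stdout. Reporting the unknown-env case on stderr keeps the stdout contract intact while making the failure diagnosable, e.g. `if (!Object.hasOwn(clusterNames, env)) { console.error('unknown env:', env); }` before the check. The `}else {` on the following line should be `} else {` to match the spacing used elsewhere in the file.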
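Review bot: Commenting out `origins: "*"` rather than deleting it leaves a wildcard CORS origin one uncomment away from being re-enabled on the Keycloak Mapping. If a browser client on another origin is the reason it existed, listing the concrete origins (`- "https://<CLIENT_ORIGIN_PLACEHOLDER>"`) is the safer form; otherwise dropping the three commented lines is cleaner than keeping them as reference. The `Mapping` spec starts before the hunk.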
--- /dev/null +++ b/keycloak/lib/kubernetes/overlays/test/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: + - ../../base +resources: + - sealed-secret.yaml +#patch +patchesStrategicMerge: + - deployment-raw-client.yaml diff --git a/keycloak/lib/kubernetes/overlays/test/sealed-secret.yaml b/keycloak/lib/kubernetes/overlays/test/sealed-secret.yaml new file mode 100644 index 0000000..4c68e94 --- /dev/null +++ b/keycloak/lib/kubernetes/overlays/test/sealed-secret.yaml @@ -0,0 +1,18 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: keycloak-secret + namespace: keycloak-next +spec: + encryptedData: + username: 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 + password: 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 + host: 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 + admin_username: 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 + admin_password: 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 + template: + metadata: + creationTimestamp: null + name: keycloak-secret + namespace: keycloak-next From d6f71b00513a7892f1af10ba6cf9345b367405b4 Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Mon, 6 Nov 2023 06:59:02 +0000 Subject: [PATCH 19/25] feat: can apply terraform to prod --- .../terraform/prod/read-only-user.tf | 37 +++---------------- 1 file changed, 5 insertions(+), 32 deletions(-) diff --git a/database-grants/terraform/prod/read-only-user.tf b/database-grants/terraform/prod/read-only-user.tf index 4946ccf..7ee2e59 100644 --- a/database-grants/terraform/prod/read-only-user.tf +++ b/database-grants/terraform/prod/read-only-user.tf 
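Review bot: `bases:` and `patchesStrategicMerge:` are deprecated Kustomization fields (`bases` since kustomize v2.1, `patchesStrategicMerge` since v5); `../../base` belongs under `resources:` next to `sealed-secret.yaml`, and the patch under `patches:` as `- path: deployment-raw-client.yaml`. The identical `kustomization.yaml` added for the production overlay later on this page has the same two fields. The `#patch` comment adds nothing the field name does not already say.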
@@ -11,33 +11,6 @@ resource "postgresql_role" "readonlyuser_human" { password = random_password.readonlyuser_password.result } -resource "postgresql_grant" "readonlyyuser_select_field" { - provider = "postgresql.treetracker" - database = "treetracker" - role = "readonlyuser" - schema = "field" - object_type = "table" - privileges = ["SELECT"] -} - -resource "postgresql_grant" "readonlyyuser_usage_field" { - provider = "postgresql.treetracker" - database = "treetracker" - role = "readonlyuser" - schema = "field" - object_type = "schema" - privileges = ["USAGE"] -} - -resource "postgresql_grant" "readonlyyuser_sequence_field" { - provider = "postgresql.treetracker" - database = "treetracker" - role = "readonlyuser" - schema = "field" - object_type = "sequence" - privileges = ["SELECT"] -} - resource "postgresql_grant" "readonlyyuser_select_public" { provider = "postgresql.treetracker" database = "treetracker" @@ -161,7 +134,7 @@ resource "postgresql_grant" "readonlyyuser_sequence_treetracker" { role = "readonlyuser" schema = "treetracker" object_type = "sequence" - privileges = ["SELECT"] + privileges = ["SELECT", "USAGE"] } resource "postgresql_grant" "readonlyyuser_usage_wallet" { @@ -188,7 +161,7 @@ resource "postgresql_grant" "readonlyyuser_sequence_wallet" { role = "readonlyuser" schema = "wallet" object_type = "sequence" - privileges = ["SELECT"] + privileges = ["SELECT", "USAGE"] } resource "postgresql_grant" "readonlyyuser_usage_webmap" { @@ -206,7 +179,7 @@ resource "postgresql_grant" "readonlyyuser_sequence_webmap" { role = "readonlyuser" schema = "webmap" object_type = "sequence" - privileges = ["SELECT"] + privileges = ["SELECT", "USAGE"] } resource "postgresql_grant" "readonlyyuser_usage_airflow" { @@ -288,7 +261,7 @@ resource "postgresql_grant" "readonlyuser_sequence_earnings" { role = "readonlyuser" schema = "earnings" object_type = "sequence" - privileges = ["SELECT"] + privileges = ["SELECT", "USAGE"] } 
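Review bot: Adding `USAGE` to the sequence grants for `readonlyuser` (the treetracker, wallet, webmap and earnings hunks here, and the `read_only_reporting_sequence` default-privilege hunk that follows) goes beyond read-only: in PostgreSQL `USAGE` on a sequence permits `nextval()`, which consumes values, whereas `SELECT` already covers `currval()`. If `USAGE` was required because the apply failed without it, a comment on the privileges line saying so (`# USAGE needed for <REASON_PLACEHOLDER>; note it permits nextval`) would stop the next reviewer from tightening it back; otherwise `["SELECT"]` is the least-privilege value. The first hunk only removes the `field` schema grants and needs no change.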
@@ -311,7 +284,7 @@ resource "postgresql_default_privileges" "read_only_reporting_sequence" { owner = "doadmin" object_type = "sequence" - privileges = ["SELECT"] + privileges = ["SELECT", "USAGE"] } resource "postgresql_default_privileges" "read_only_reporting_tables" { From 3511442b80b2ec412cbd55e69f492cb6f5bd3c86 Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Mon, 6 Nov 2023 08:45:41 +0000 Subject: [PATCH 20/25] feat: caneploy to prod --- keycloak/lib/js/checkK8sClusterNameByEnv.js | 2 +- keycloak/lib/kubernetes/base/mapping.yaml | 4 ++-- .../production/deployment-raw-client.yaml | 14 ++++++++++++++ .../overlays/production/kustomization.yaml | 9 +++++++++ .../overlays/production/sealed-secret.yaml | 18 ++++++++++++++++++ 5 files changed, 44 insertions(+), 3 deletions(-) create mode 100644 keycloak/lib/kubernetes/overlays/production/deployment-raw-client.yaml create mode 100644 keycloak/lib/kubernetes/overlays/production/kustomization.yaml create mode 100644 keycloak/lib/kubernetes/overlays/production/sealed-secret.yaml diff --git a/keycloak/lib/js/checkK8sClusterNameByEnv.js b/keycloak/lib/js/checkK8sClusterNameByEnv.js index 4c986ec..3b747d8 100644 --- a/keycloak/lib/js/checkK8sClusterNameByEnv.js +++ b/keycloak/lib/js/checkK8sClusterNameByEnv.js @@ -7,7 +7,7 @@ const clusterName = process.argv[3]; const clusterNames = { dev: ['do-sfo2-dev-k8s-treetracker'], test: ['do-sfo2-test-k8s-treetracker'], - prod: ['do-sfo2-prod-k8s-treetracker'], + prod: ['do-nyc1-prod-k8s-treetracker'], }; if (clusterNames[env]?.includes(clusterName)) { diff --git a/keycloak/lib/kubernetes/base/mapping.yaml b/keycloak/lib/kubernetes/base/mapping.yaml index e4392a2..fa9e0ec 100644 --- a/keycloak/lib/kubernetes/base/mapping.yaml +++ b/keycloak/lib/kubernetes/base/mapping.yaml @@ -10,5 +10,5 @@ spec: rewrite: /keycloak/ timeout_ms: 0 # cors: - #origins: - # - "*" + # origins: + # - "*" 
diff --git a/keycloak/lib/kubernetes/overlays/production/deployment-raw-client.yaml b/keycloak/lib/kubernetes/overlays/production/deployment-raw-client.yaml new file mode 100644 index 0000000..c19b2ed --- /dev/null +++ b/keycloak/lib/kubernetes/overlays/production/deployment-raw-client.yaml @@ -0,0 +1,14 @@ +# deployment a test client for keycloak +apiVersion: apps/v1 +kind: Deployment +metadata: + name: treetracker-keycloak-raw-client + namespace: keycloak-next +spec: + template: + spec: + containers: + - name: treetracker-keycloak + env: + - name: RAW_CLIENT_URL + value: prod-k8s.treetracker.org diff --git a/keycloak/lib/kubernetes/overlays/production/kustomization.yaml b/keycloak/lib/kubernetes/overlays/production/kustomization.yaml new file mode 100644 index 0000000..767c247 --- /dev/null +++ b/keycloak/lib/kubernetes/overlays/production/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: + - ../../base +resources: + - sealed-secret.yaml +#patch +patchesStrategicMerge: + - deployment-raw-client.yaml diff --git a/keycloak/lib/kubernetes/overlays/production/sealed-secret.yaml b/keycloak/lib/kubernetes/overlays/production/sealed-secret.yaml new file mode 100644 index 0000000..13a0a2d --- /dev/null +++ b/keycloak/lib/kubernetes/overlays/production/sealed-secret.yaml 
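Review bot: The production overlay ships the `treetracker-keycloak-raw-client` Deployment, whose own header comment calls it "a test client for keycloak", with `RAW_CLIENT_URL` set to the production host. A test/demo client that is reachable in production is extra exposed surface; if it is intended as a standing diagnostics page, a comment in this overlay saying so (and who is expected to reach it) is worth adding, otherwise the base should not include it for this environment. The header comment should also read `# deploys a test client for keycloak`.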
@@ -0,0 +1,18 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: keycloak-secret + namespace: keycloak-next +spec: + encryptedData: + username: 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 + password: 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 + host: 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 + admin_username: AgCDfzbnPEFcqyt43S8dPQdBy+PropM7xNKVGMadh9QVqrmrJ4tGiFschaoMJu1/dwamRTnUfNxR1B4beg78FNkr+e1j7dv408jVl844MTqNiCbmqNzz7G85olXu6JYs/UeXDxYlxJzNuRSq8c2iEYadNrJX06uW04XiJfwq7LUUaYUBSKemEl564gnQsPfIKbBFq+GbV4KOGHEk3Uj2zhJh444F6eF12hAZz1JkwI1vvO64T4Uo0Z3efaTBq/jGg/pCcdWT9vsh41pzGPWDvHucc0AEe58re1IZGAG1HOZXz9BR7RkOwPcZ9FG0dlKsayMi3298J/0MQEiNV09hpJvPhJ4NOdoGzjkomVZVq+BLW7I6s3P8UV//MvWMnx2XZNBHjZgPnM5laIb/zWDRmVV1fFgYFZ6VRH+egkTdMa0QAVEtMibGDHt8ckUrkFfgFKiaCUHiI6eWrBX8kwm2paY9JrerA//J/GLr9K2MY8FDtCpYTsssGvEShvkDD2oMBWJhOIXynN6gzhALyejjYRnXlVPmX1IB2rTH7IbKgsCKF4xuUJK9SK+IhepguY36w9mVKPh9WHy4F6s0p67jiXD5oRv29YehypbkEezKd4nBuRdsuO71GzLuKLiwnpSN4mir+/CPGzd3vhGlRyJ0Rd+FVTm49GiF4hfG2jIMQIxAldDAollytP8NsHDepcFrPOb4NTMG3Q== + admin_password: AgBL47X2qNNDs8T9G3sgxrBco9DYXsG1naYSN3OP2PcHMU9wt2dZtaHuB5oa9mZUa8650mzpCxamYw/7VyIndiMeN0vmAZz9r30UTDG+aKGSOyZf1HkRYxLaNpwqtElaFLD64K4oAU503QA1Rk5kRkH/DZ2aRE1eq2Z3B/JTeQDIQGv75mePhNn9m9ldBHC2/GMTvTh33iEtTK5HfFrEQfpsvY4X6rbs/mR9G4HNMwp4iy3yqOkU9CipZvsHkMoh/nqdP3LEUmn3mj23NXDHlTzDmIEKZsgFAzRL8oW2vggKTkuorUWdbAIe8OZkMQasWo57l5477tj2hwFt31uEy7HEhryzsQ6zDkqFZWxGwZDlmNKR774c6xIMNeWQ+S9k8TODBgSsnAvds1Oj5WbPFT75pKJCVGfi2G4Oe+lyFQnq2OzpHKbk0Uwr2LM8lPt8WW+LJlv2gXyGuHdnecYgcqAe4kegzWZaQDT5kIbkPTxSpFdbmWIAAgclhbkTVRTC8/h1Ka4xCY+hakLYQUEbOarE2Z2+nwstX3T28EVfXGm4PqihIbPfKJ61c9yo23tK8jXqRnzmyTvYJw0+5I462F8o+ixhvWpvVY+evkYEFnVz9ixP9mczQhW7dKUEaRsK9pVBf7HdsP+vDdGHlkOgQIkznRbAIHv4nDA1GCpH9/Kl14xAhnrUj/J8UNVVMS048edEV4R5lVKeXqKR+rw= + template: + metadata: + creationTimestamp: null + name: keycloak-secret + namespace: keycloak-next 
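Review bot: This SealedSecret carries no `sealedsecrets.bitnami.com/*` scope annotation, so it is sealed in strict scope: the ciphertexts are bound to the name `keycloak-secret` and namespace `keycloak-next` as well as to the sealing key of the cluster they were sealed against, and renaming either or applying to another cluster yields an undecryptable secret with no obvious cause. A short comment at the top recording the sealing cluster and the re-seal procedure (`# sealed against <CLUSTER_NAME_PLACEHOLDER>; re-seal with kubeseal when name or namespace changes`) documents that. `creationTimestamp: null` in both metadata blocks is kubeseal output and can be dropped.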
From f1253c598f6563d6a5ec0307a2247e9ea8c21e12 Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Mon, 6 Nov 2023 10:03:34 +0000 Subject: [PATCH 21/25] feat: change password --- keycloak/lib/kubernetes/overlays/development/sealed-secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/keycloak/lib/kubernetes/overlays/development/sealed-secret.yaml b/keycloak/lib/kubernetes/overlays/development/sealed-secret.yaml index 6e876ec..02ea587 100644 --- a/keycloak/lib/kubernetes/overlays/development/sealed-secret.yaml +++ b/keycloak/lib/kubernetes/overlays/development/sealed-secret.yaml @@ -7,7 +7,7 @@ metadata: spec: encryptedData: username: 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 - password: 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 + password: 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 host: 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 admin_username: AgA/X2kBuFzO8IEKhGNLwJi7NpsuoO54uhHYhNZzIxSWOFp/zouu5Ib4TXd8APk/GnGG/IN8FMbNzqHJQUNQS1mG2HV8/tHbzXda1pnf3RHDLZb5el8nS9ehFybx4yT+X6AbUwgCYuo5A6YtgeoHCDVi3wj02XSrxFgK498E7g1pbUXw9tQgI4hd1dgRXHahGv+cA8KD5jaLBv6wLo07H9TVtT5dY4ZnIAFoRkNQDhIVToAxLRBLJgsqKo90PrHo3EqX7riThbJsL0FEQR11JbfnnCTuj+wwzI8a3opmSVBxGpFs0d7d9oRYtRAsX9BJrWv2e14bEhoK9e/yAGlkHpQzvqnH9mZsvFKze3gXrbc+WUHK02SV4c4bL4ym+yG7xfTb6/0gIVytjFVM6C7YXQ4ltZl4cERzA/n+IWB1YKaU1ChdPtDcecQHgaxlaEPTL4MS3NOsV8jJDhmZgztYJZNJ+crfavx2CG1McBFdJohTKJZznSzE1BZHfJSnJo1N82FWff7ryf7gxToVusdAHxNQokZQ+uy1I3sa8BwDIp5PuuAl22qNfdHRag0TBBZw9aTBoLrnWpf/7JbKSrky6MHY28JaKKUnOywfwEux7HAzG65TVsXbzhvhb4C4MG6qL4cnlcxbKAcbZ81ci8HRMvpFMzBG63j1ijaoKkgozNXTt2Z1fdNhZTwuOhSYop9bQTSxoMqN9g== admin_password: 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 From bf8c8c204074a66fc539949ff538f81bc58cb47a Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Fri, 17 Nov 2023 02:23:55 +0000 Subject: [PATCH 22/25] chore: typo --- keycloak/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/keycloak/README.md b/keycloak/README.md index e8fd7d2..4705d51 100644 --- a/keycloak/README.md +++ b/keycloak/README.md @@ -3,7 +3,7 @@ ## Prerequisites - Node.js -- kubeclt ? +- kubectl ? ### To install prerequisites From 4c84bb5b5a66dc5055fbeb47a4986b0420ad4555 Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Fri, 17 Nov 2023 02:34:11 +0000 Subject: [PATCH 23/25] fix: fixed keycloak version --- keycloak/lib/docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/keycloak/lib/docker/Dockerfile b/keycloak/lib/docker/Dockerfile index dd61cdd..ac25522 100644 --- a/keycloak/lib/docker/Dockerfile +++ b/keycloak/lib/docker/Dockerfile @@ -4,7 +4,7 @@ #FROM quay.io/keycloak/keycloak:22.0.4 #ENTRYPOINT ["/opt/keycloak/bin/kc.sh"] -FROM quay.io/keycloak/keycloak:latest as builder +FROM quay.io/keycloak/keycloak:22.0.4 as builder ENV KC_HEALTH_ENABLED=true ENV KC_METRICS_ENABLED=true From 64a9f3242e19e85f05a687b60bbcb669bcb3cdeb Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Sat, 18 Nov 2023 09:11:29 +0000 Subject: [PATCH 24/25] feat: add wallet operatoer permission --- database-grants/terraform/README.md | 5 ++++ database-grants/terraform/dev/main.tf | 8 +++++++ database-grants/terraform/dev/other | 1 + database-grants/terraform/dev/schemas/wallet | 1 + database-grants/terraform/prod/extra/main.tf | 24 +++++++++++++++++++ .../terraform/prod/extra/provider.tf | 8 +++++++ database-grants/terraform/prod/main.tf | 10 ++++++++ .../terraform/prod/prod.env.tfvars | 4 ++-- .../terraform/prod/schemas/wallet/main.tf | 2 -- 9 files changed, 59 insertions(+), 4 deletions(-) create mode 120000 database-grants/terraform/dev/other create mode 120000 database-grants/terraform/dev/schemas/wallet create mode 100644 database-grants/terraform/prod/extra/main.tf create mode 100644 database-grants/terraform/prod/extra/provider.tf diff --git a/database-grants/terraform/README.md b/database-grants/terraform/README.md index 7f4e2a6..bd1bd05 100644 
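Review bot: Pinning `FROM quay.io/keycloak/keycloak:22.0.4 as builder` replaces the floating `latest` tag, but a tag is still mutable; pinning the digest as well, `FROM quay.io/keycloak/keycloak:22.0.4@sha256:<DIGEST_PLACEHOLDER> AS builder`, makes the base image immutable and lets build tooling verify it. The commented-out `#FROM quay.io/keycloak/keycloak:22.0.4` line visible above the hunk now duplicates the live instruction and can be removed, and `AS` in upper case matches the keyword casing Docker's linter expects. The rest of the Dockerfile lies outside the hunk.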
--- a/database-grants/terraform/README.md +++ b/database-grants/terraform/README.md @@ -1,3 +1,8 @@ +# Prerequisites + +- Terraform 1.4.6 , please stick to this version for now, tested 1.6.x, it brings issue with the Dititalocean storage as backend + + # How to set up terraform Find your digitalocean spaces access key and secret key here: https://cloud.digitalocean.com/account/api/spaces?i=d79377 diff --git a/database-grants/terraform/dev/main.tf b/database-grants/terraform/dev/main.tf index de732df..5e55477 100644 --- a/database-grants/terraform/dev/main.tf +++ b/database-grants/terraform/dev/main.tf @@ -81,3 +81,11 @@ module "keycloak_schema" { postgresql = postgresql.treetracker } } + + +module "wallet_schema" { + source = "./schemas/wallet" + providers = { + postgresql = postgresql.treetracker + } +} diff --git a/database-grants/terraform/dev/other b/database-grants/terraform/dev/other new file mode 120000 index 0000000..b492abe --- /dev/null +++ b/database-grants/terraform/dev/other @@ -0,0 +1 @@ +../prod/other \ No newline at end of file diff --git a/database-grants/terraform/dev/schemas/wallet b/database-grants/terraform/dev/schemas/wallet new file mode 120000 index 0000000..7918131 --- /dev/null +++ b/database-grants/terraform/dev/schemas/wallet @@ -0,0 +1 @@ +../../prod/schemas/wallet/ \ No newline at end of file diff --git a/database-grants/terraform/prod/extra/main.tf b/database-grants/terraform/prod/extra/main.tf new file mode 100644 index 0000000..3ee78b2 --- /dev/null +++ b/database-grants/terraform/prod/extra/main.tf 
@@ -0,0 +1,24 @@
+resource "postgresql_grant" "wallet-operator-schema" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "wallet"
+ object_type = "schema"
+ privileges = ["USAGE", "CREATE"]
+}
+
+resource "postgresql_grant" "wallet-operator-table" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "wallet"
+ object_type = "table"
+ privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"]
+}
+
+resource "postgresql_grant" "wallet-operator-seq" {
+ database = "treetracker"
+ role = "wallet_operator"
+ schema = "wallet"
+ object_type = "sequence"
+ privileges = ["USAGE", "SELECT"]
+
+}
diff --git a/database-grants/terraform/prod/extra/provider.tf b/database-grants/terraform/prod/extra/provider.tf
new file mode 100644
index 0000000..7c80654
--- /dev/null
+++ b/database-grants/terraform/prod/extra/provider.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ postgresql = {
+ source = "cyrilgdn/postgresql"
+ version = "1.11.0"
+ }
+ }
+}
diff --git a/database-grants/terraform/prod/main.tf b/database-grants/terraform/prod/main.tf
index 55c15a3..46ea5ed 100644
--- a/database-grants/terraform/prod/main.tf
+++ b/database-grants/terraform/prod/main.tf
@@ -90,3 +90,13 @@ module "keycloak_schema" {
 postgresql = postgresql.treetracker
 }
 }
+
+module "extra" {
+ source = "./extra"
+ providers = {
+ postgresql = postgresql.treetracker
+ }
+ depends_on = [
+ module.wallet_schema
+ ]
+}
diff --git a/database-grants/terraform/prod/prod.env.tfvars b/database-grants/terraform/prod/prod.env.tfvars
index fc6f324..daff614 100644
--- a/database-grants/terraform/prod/prod.env.tfvars
+++ b/database-grants/terraform/prod/prod.env.tfvars
@@ -1,2 +1,2 @@
-port = "1111"
-host = "localhost"
+port = "25060"
+host = "treetracker-cluster-do-user-8540031-0.b.db.ondigitalocean.com"
diff --git a/database-grants/terraform/prod/schemas/wallet/main.tf b/database-grants/terraform/prod/schemas/wallet/main.tf
index b2a0855..30dcb6c 100644
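Review bot: `wallet_operator` receives `CREATE` on the `wallet` schema alongside full DML on its tables and sequences; `CREATE` lets the role add tables and functions to the schema, which a role that operates an existing service does not normally need unless it also runs migrations. If migrations do run as this role, a comment on the privileges line saying so keeps the intent visible; otherwise `privileges = ["USAGE"]` is the least-privilege value for the schema grant. The stray blank line before the closing `}` of `wallet-operator-seq` is a formatting nit.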
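Review bot: `prod.env.tfvars` changes from what look like placeholder values (`localhost`, `1111`) to the real production endpoint, whose hostname embeds the DigitalOcean account identifier; that is not a credential, but it turns a template-looking file into one that carries live infrastructure details in version control. If the file is meant to stay committed, a comment stating that only non-secret connection parameters belong here (`# connection target only; credentials come from TF_VAR_* in the environment`) keeps passwords from following the same path. Whether the repository's ignore rules cover this file is not visible on the page.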
--- a/database-grants/terraform/prod/schemas/wallet/main.tf +++ b/database-grants/terraform/prod/schemas/wallet/main.tf @@ -3,5 +3,3 @@ module "microservice_schema" { source = "./../../modules/microservice_schema" schema = "wallet" } - - From 64321c74c147d931341b9554b22580b54208b491 Mon Sep 17 00:00:00 2001 From: dadiorchen Date: Tue, 21 Nov 2023 04:00:07 +0000 Subject: [PATCH 25/25] fix: db grant problem with function; wallet opeator permission --- database-grants/terraform/prod/extra/main.tf | 104 ++++++++++++++++++ database-grants/terraform/prod/main.tf | 7 -- .../terraform/prod/schemas/query/main.tf | 88 --------------- .../terraform/prod/schemas/query/provider.tf | 8 -- 4 files changed, 104 insertions(+), 103 deletions(-) delete mode 100644 database-grants/terraform/prod/schemas/query/main.tf delete mode 100644 database-grants/terraform/prod/schemas/query/provider.tf diff --git a/database-grants/terraform/prod/extra/main.tf b/database-grants/terraform/prod/extra/main.tf index 3ee78b2..3e575c0 100644 --- a/database-grants/terraform/prod/extra/main.tf +++ b/database-grants/terraform/prod/extra/main.tf 
@@ -22,3 +22,107 @@ resource "postgresql_grant" "wallet-operator-seq" { privileges = ["USAGE", "SELECT"] } + +resource "postgresql_grant" "wallet-operator-schema-public" { + database = "treetracker" + role = "wallet_operator" + schema = "public" + object_type = "schema" + privileges = ["USAGE", "CREATE"] +} + +resource "postgresql_grant" "wallet-operator-table-public" { + database = "treetracker" + role = "wallet_operator" + schema = "public" + object_type = "table" + privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"] +} + + +resource "postgresql_grant" "wallet-operator-seq-public" { + database = "treetracker" + role = "wallet_operator" + schema = "public" + object_type = "sequence" + privileges = ["USAGE", "SELECT"] + +} + + +resource "postgresql_grant" "wallet-operator-schema-herbarium" { + database = "treetracker" + role = "wallet_operator" + schema = "herbarium" + object_type = "schema" + privileges = ["USAGE", "CREATE"] +} + +resource "postgresql_grant" "wallet-operator-table-herbarium" { + database = "treetracker" + role = "wallet_operator" + schema = "herbarium" + object_type = "table" + privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"] +} + + +resource "postgresql_grant" "wallet-operator-seq-herbarium" { + database = "treetracker" + role = "wallet_operator" + schema = "herbarium" + object_type = "sequence" + privileges = ["USAGE", "SELECT"] +} + + +resource "postgresql_grant" "wallet-operator-schema-stakeholder" { + database = "treetracker" + role = "wallet_operator" + schema = "stakeholder" + object_type = "schema" + privileges = ["USAGE", "CREATE"] +} + +resource "postgresql_grant" "wallet-operator-table-stakeholder" { + database = "treetracker" + role = "wallet_operator" + schema = "stakeholder" + object_type = "table" + privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"] +} + + +resource "postgresql_grant" "wallet-operator-seq-stakeholder" { + database = "treetracker" + role = "wallet_operator" + schema = "stakeholder" + object_type = 
"sequence" + privileges = ["USAGE", "SELECT"] +} + + +resource "postgresql_grant" "wallet-operator-schema-treetracker" { + database = "treetracker" + role = "wallet_operator" + schema = "treetracker" + object_type = "schema" + privileges = ["USAGE", "CREATE"] +} + +resource "postgresql_grant" "wallet-operator-table-treetracker" { + database = "treetracker" + role = "wallet_operator" + schema = "treetracker" + object_type = "table" + privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"] +} + + +resource "postgresql_grant" "wallet-operator-seq-treetracker" { + database = "treetracker" + role = "wallet_operator" + schema = "treetracker" + object_type = "sequence" + privileges = ["USAGE", "SELECT"] +} diff --git a/database-grants/terraform/prod/main.tf b/database-grants/terraform/prod/main.tf index 46ea5ed..9a55a88 100644 --- a/database-grants/terraform/prod/main.tf +++ b/database-grants/terraform/prod/main.tf @@ -56,13 +56,6 @@ module "messaging_schema" { } } -module "query_schema" { - source = "./schemas/query" - providers = { - postgresql = postgresql.treetracker - } -} - module "stakeholder_schema" { source = "./schemas/stakeholder" providers = { diff --git a/database-grants/terraform/prod/schemas/query/main.tf b/database-grants/terraform/prod/schemas/query/main.tf deleted file mode 100644 index d636a82..0000000 --- a/database-grants/terraform/prod/schemas/query/main.tf +++ /dev/null 
@@ -1,88 +0,0 @@
-
-module "microservice_schema" {
- source = "./../../modules/microservice_schema"
- schema = "query"
-}
-
-resource "postgresql_grant" "query_messaging_schema" {
- database = "treetracker"
- role = "s_query"
- schema = "messaging"
- object_type = "schema"
- privileges = ["USAGE"]
-}
-
-resource "postgresql_grant" "query_messaging_tables" {
- database = "treetracker"
- role = "s_query"
- schema = "messaging"
- object_type = "table"
- privileges = ["SELECT"]
-}
-
-resource "postgresql_grant" "query_treetracker_schema" {
- database = "treetracker"
- role = "s_query"
- schema = "treetracker"
- object_type = "schema"
- privileges = ["USAGE"]
-}
-
-resource "postgresql_grant" "query_treetracker_tables" {
- database = "treetracker"
- role = "s_query"
- schema = "treetracker"
- object_type = "table"
- privileges = ["SELECT"]
-}
-
-resource "postgresql_grant" "query_stakeholder_schema" {
- database = "treetracker"
- role = "s_query"
- schema = "stakeholder"
- object_type = "schema"
- privileges = ["USAGE"]
-}
-
-resource "postgresql_grant" "query_stakeholder_tables" {
- database = "treetracker"
- role = "s_query"
- schema = "stakeholder"
- object_type = "table"
- privileges = ["SELECT"]
-}
-
-resource "postgresql_grant" "query_regions_schema" {
- database = "treetracker"
- role = "s_query"
- schema = "regions"
- object_type = "schema"
- privileges = ["USAGE"]
-}
-
-resource "postgresql_grant" "query_regions_tables" {
- database = "treetracker"
- role = "s_query"
- schema = "regions"
- object_type = "table"
- privileges = ["SELECT"]
-}
-
-resource "postgresql_grant" "query_public_schema" {
- database = "treetracker"
- role = "s_query"
- schema = "public"
- object_type = "schema"
- privileges = ["USAGE"]
-}
-
-resource "postgresql_grant" "query_public_function" {
- database = "treetracker"
- role = "s_query"
- schema = "public"
- object_type = "function"
- privileges = ["EXECUTE"]
-}
-
-
-
diff --git a/database-grants/terraform/prod/schemas/query/provider.tf b/database-grants/terraform/prod/schemas/query/provider.tf
deleted file mode 100644
index 7c80654..0000000
--- a/database-grants/terraform/prod/schemas/query/provider.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-terraform {
- required_providers {
- postgresql = {
- source = "cyrilgdn/postgresql"
- version = "1.11.0"
- }
- }
-}
