Adapt deploy_via_helm-dev.sh script to install keycloak in kind clust…
…er local
jreynard-code committed Jul 19, 2023
1 parent 3011303 commit b426b34
Showing 3 changed files with 45 additions and 5 deletions.
47 changes: 44 additions & 3 deletions api/kubernetes/deploy_via_helm-dev.sh
@@ -24,6 +24,9 @@ help() {
echo "- PROM_REPLICAS_NUMBER | number of prometheus replicas (default is 1)"
echo "- PROM_ADMIN_PASSWORD | admin password for grafana (generated if not specified)"
echo "- REDIS_ADMIN_PASSWORD | admin password for redis (generated if not specified)"
echo "- KEYCLOAK_ADMIN_PASSWORD | admin password for keycloak (generated if not specified)"
echo "- KEYCLOAK_DB_PASSWORD | admin password for keycloak db (generated if not specified)"
echo "- KEYCLOAK_DB_USER_PASSWORD | admin password for keycloak db user (generated if not specified)"
echo
echo "Usage: ./$(basename "$0") API_IMAGE_TAG NAMESPACE ARGO_POSTGRESQL_PASSWORD API_VERSION [any additional options to pass as is to the cosmotech-api Helm Chart]"
}
@@ -59,6 +62,7 @@ export VERSION_REDIS_COSMOTECH="1.0.2"
export VERSION_REDIS_INSIGHT="0.1.0"
export INGRESS_NGINX_VERSION="4.2.5"
export PROMETHEUS_STACK_VERSION="45.0.0"
export KEYCLOAK_VERSION="13.4.1"

export ARGO_DATABASE=argo_workflows
export ARGO_POSTGRESQL_USER=argo
@@ -73,7 +77,7 @@ HELM_CHARTS_BASE_PATH=$(realpath "$(dirname "$0")")
WORKING_DIR=$(mktemp -d -t cosmotech-api-helm-XXXXXXXXXX)
echo "[info] Working directory: ${WORKING_DIR}"
pushd "${WORKING_DIR}"

export KEYCLOAK_NAMESPACE="keycloak"

# Create namespace if it does not exist
kubectl create namespace "${NAMESPACE}" --dry-run=client -o yaml | kubectl apply -f -
@@ -82,12 +86,12 @@ kubectl create namespace "${NAMESPACE}" --dry-run=client -o yaml | kubectl apply
export COSMOTECH_API_RELEASE_NAME="cosmotech-api-${API_VERSION}"
export REDIS_PORT=6379
REDIS_PASSWORD=${REDIS_ADMIN_PASSWORD:-$(kubectl get secret --namespace ${NAMESPACE} cosmotechredis -o jsonpath="{.data.redis-password}" | base64 -d || "")}
if [[ -z $REDIS_PASSWORD ]] ; then
if [[ -z "${REDIS_PASSWORD}" ]] ; then
REDIS_PASSWORD=$(date +%s | sha256sum | base64 | head -c 32)
fi

PROM_PASSWORD=${PROM_ADMIN_PASSWORD:-$(kubectl get secret --namespace ${NAMESPACE}-monitoring prometheus-operator-grafana -o jsonpath="{.data.admin-password}" | base64 -d || "")}
if [[ -z PROM_PASSWORD ]] ; then
if [[ -z "${PROM_PASSWORD}" ]] ; then
PROM_PASSWORD=$(date +%s | sha256sum | base64 | head -c 32)
fi

@@ -118,6 +122,43 @@ helm upgrade --install prometheus-operator prometheus-community/kube-prometheus-
--version ${PROMETHEUS_STACK_VERSION} \
--values "${WORKING_DIR}/kube-prometheus-stack.yaml"


# Create namespace keycloak if it does not exist
kubectl create namespace ${KEYCLOAK_NAMESPACE} --dry-run=client -o yaml | kubectl apply -f -

KEYCLOAK_ADM_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD:-$(kubectl get secret --namespace ${KEYCLOAK_NAMESPACE} csm-keycloak -o jsonpath="{.data.admin-password}" | base64 -d || "")}
if [[ -z "${KEYCLOAK_ADM_PASSWORD}" ]] ; then
KEYCLOAK_ADM_PASSWORD=$(date +%s | sha256sum | base64 | head -c 32)
fi

KEYCLOAK_DB_PASS=${KEYCLOAK_DB_PASSWORD:-$(kubectl get secret --namespace ${KEYCLOAK_NAMESPACE} csm-keycloak-postgresql -o jsonpath="{.data.postgres-password}" | base64 -d || "")}
if [[ -z "${KEYCLOAK_DB_PASS}" ]] ; then
KEYCLOAK_DB_PASS=$(date +%s | sha256sum | base64 | head -c 32)
fi

KEYCLOAK_DB_USER_PASS=${KEYCLOAK_DB_USER_PASSWORD:-$(kubectl get secret --namespace ${KEYCLOAK_NAMESPACE} csm-keycloak-postgresql -o jsonpath="{.data.password}" | base64 -d || "")}
if [[ -z "${KEYCLOAK_DB_USER_PASS}" ]] ; then
KEYCLOAK_DB_USER_PASS=$(date +%s | sha256sum | base64 | head -c 32)
fi

curl -sSL "https://raw.githubusercontent.com/Cosmo-Tech/azure-platform-deployment-tools/JREY/keycloak/deployment_scripts/v3.0/values-keycloak-config-map-template.yaml" \
-o "${WORKING_DIR}"/values-keycloak-config-map-template.yaml

curl -sSL "https://raw.githubusercontent.com/Cosmo-Tech/azure-platform-deployment-tools/JREY/keycloak/deployment_scripts/v3.0/csm-keycloak-config-map.yaml" \
-o "${WORKING_DIR}"/csm-keycloak-config-map.yaml

# Create config map for Keycloak base configuration
kubectl create configmap csm-keycloak-map -n ${KEYCLOAK_NAMESPACE} --from-file=csm-keycloak-config-map.yaml

KEYCLOAK_ADM_PASSWORD_VAR=${KEYCLOAK_ADM_PASSWORD} \
KEYCLOAK_DB_PASS_VAR=${KEYCLOAK_DB_PASS} \
KEYCLOAK_DB_USER_PASS_VAR=${KEYCLOAK_DB_USER_PASS} \
envsubst < "${WORKING_DIR}"/values-keycloak-config-map-template.yaml > "${WORKING_DIR}"/values-keycloak-config-map.yaml

helm install csm-keycloak bitnami/keycloak -n ${KEYCLOAK_NAMESPACE} --version ${KEYCLOAK_VERSION} \
--values values-keycloak-config-map.yaml


# nginx
kubectl create namespace "${NAMESPACE_NGINX}" --dry-run=client -o yaml | kubectl apply -f -
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
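Review bot: The three Keycloak fallbacks in the last hunk build the password with `date +%s | sha256sum | base64 | head -c 32`, so the value depends only on the second in which the script ran: it can be recomputed by anyone who can estimate the deployment time, and the admin, database and database-user passwords come out identical whenever the three lines execute within the same second. Generate each one from a CSPRNG instead, for example `KEYCLOAK_ADM_PASSWORD=$(openssl rand -hex 16)`, and do the same for `KEYCLOAK_DB_PASS` and `KEYCLOAK_DB_USER_PASS`; the Redis and Grafana fallbacks in the earlier hunk use the same time-based pattern. Separately, the two `curl -sSL` downloads pull the Keycloak base configuration from the mutable `JREY/keycloak` branch and omit `--fail`, so a later push to that branch, or an HTTP error body, ends up in the `csm-keycloak-map` config map. Pinning both URLs to a commit and adding `--fail` would make the imported configuration reviewable and stop the script from applying an error page.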
2 changes: 0 additions & 2 deletions api/src/main/resources/application-keycloak.yml
@@ -11,8 +11,6 @@ management:
include: "readinessState"

spring:
main:
allow-bean-definition-overriding: true
security:
oauth2:
resource-server:
1 change: 1 addition & 0 deletions build.gradle.kts
@@ -104,6 +104,7 @@ allprojects {
apply(plugin = "org.owasp.dependencycheck")

repositories {
mavenLocal()
maven {
name = "GitHubPackages"
url = uri("https://maven.pkg.github.com/Cosmo-Tech/cosmotech-api-common")
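Review bot: `mavenLocal()` sits first in the `allprojects` repository list (it appears to be the line this hunk adds), so any artifact present in a developer's or CI runner's `~/.m2` is resolved ahead of the GitHubPackages repository. That makes the build depend on machine state and lets a stale or locally planted jar shadow the published one. If it is only needed to test a local build of cosmotech-api-common, restrict it with a content filter such as `mavenLocal { content { includeGroup("<GROUP_ID>") } }` (placeholder group id) or enable it only behind a project property, and add a comment saying why it is there. The `repositories` block continues past the end of the hunk.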
