From b426b340fef5c5a46d6a38619ab79cd59e254506 Mon Sep 17 00:00:00 2001
From: jreynard
Date: Tue, 18 Jul 2023 16:43:02 +0200
Subject: [PATCH] Adapt deploy_via_helm-dev.sh script to install keycloak in kind cluster local
---
 api/kubernetes/deploy_via_helm-dev.sh | 47 +++++++++++++++++--
 .../main/resources/application-keycloak.yml | 2 -
 build.gradle.kts | 1 +
 3 files changed, 45 insertions(+), 5 deletions(-)
diff --git a/api/kubernetes/deploy_via_helm-dev.sh b/api/kubernetes/deploy_via_helm-dev.sh
index e0eb36f49..83360207e 100755
--- a/api/kubernetes/deploy_via_helm-dev.sh
+++ b/api/kubernetes/deploy_via_helm-dev.sh
@@ -24,6 +24,9 @@ help() {
 echo "- PROM_REPLICAS_NUMBER | number of prometheus replicas (default is 1)"
 echo "- PROM_ADMIN_PASSWORD | admin password for grafana (generated if not specified)"
 echo "- REDIS_ADMIN_PASSWORD | admin password for redis (generated if not specified)"
+ echo "- KEYCLOAK_ADMIN_PASSWORD | admin password for keycloak (generated if not specified)"
+ echo "- KEYCLOAK_DB_PASSWORD | admin password for keycloak db (generated if not specified)"
+ echo "- KEYCLOAK_DB_USER_PASSWORD | admin password for keycloak db user (generated if not specified)"
 echo
 echo "Usage: ./$(basename "$0") API_IMAGE_TAG NAMESPACE ARGO_POSTGRESQL_PASSWORD API_VERSION [any additional options to pass as is to the cosmotech-api Helm Chart]"
 }
@@ -59,6 +62,7 @@ export VERSION_REDIS_COSMOTECH="1.0.2"
 export VERSION_REDIS_INSIGHT="0.1.0"
 export INGRESS_NGINX_VERSION="4.2.5"
 export PROMETHEUS_STACK_VERSION="45.0.0"
+export KEYCLOAK_VERSION="13.4.1"
 export ARGO_DATABASE=argo_workflows
 export ARGO_POSTGRESQL_USER=argo
@@ -73,7 +77,7 @@ HELM_CHARTS_BASE_PATH=$(realpath "$(dirname "$0")")
 WORKING_DIR=$(mktemp -d -t cosmotech-api-helm-XXXXXXXXXX)
 echo "[info] Working directory: ${WORKING_DIR}"
 pushd "${WORKING_DIR}"
-
+export KEYCLOAK_NAMESPACE="keycloak"
 # Create namespace if it does not exist
 kubectl create namespace "${NAMESPACE}" --dry-run=client -o yaml | kubectl apply -f -
@@ -82,12 +86,12 @@ kubectl create namespace "${NAMESPACE}" --dry-run=client -o yaml | kubectl apply
 export COSMOTECH_API_RELEASE_NAME="cosmotech-api-${API_VERSION}"
 export REDIS_PORT=6379
 REDIS_PASSWORD=${REDIS_ADMIN_PASSWORD:-$(kubectl get secret --namespace ${NAMESPACE} cosmotechredis -o jsonpath="{.data.redis-password}" | base64 -d || "")}
-if [[ -z $REDIS_PASSWORD ]] ; then
+if [[ -z "${REDIS_PASSWORD}" ]] ; then
 REDIS_PASSWORD=$(date +%s | sha256sum | base64 | head -c 32)
 fi
 PROM_PASSWORD=${PROM_ADMIN_PASSWORD:-$(kubectl get secret --namespace ${NAMESPACE}-monitoring prometheus-operator-grafana -o jsonpath="{.data.admin-password}" | base64 -d || "")}
-if [[ -z PROM_PASSWORD ]] ; then
+if [[ -z "${PROM_PASSWORD}" ]] ; then
 PROM_PASSWORD=$(date +%s | sha256sum | base64 | head -c 32)
 fi
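Review bot: The fallback `$(date +%s | sha256sum | base64 | head -c 32)` under each corrected `-z` test derives the password from nothing but the current epoch second, so it is guessable by anyone who can estimate when the script ran. Quoting the test is right, but it also makes the Grafana fallback reachable for the first time, since the old `[[ -z PROM_PASSWORD ]]` tested a non-empty literal and never fired. The three Keycloak fallbacks added in the later hunk of this file copy the same pattern, and because they run within the same second they will normally give the Keycloak admin, the database superuser and the database user one identical password. Draw from the kernel CSPRNG instead, e.g. `REDIS_PASSWORD=$(head -c 24 /dev/urandom | base64)`, and likewise for the other four assignments. Separately, the `|| ""` closing each lookup tries to run an empty command name when the pipeline fails; `|| true` expresses the intent.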
@@ -118,6 +122,43 @@ helm upgrade --install prometheus-operator prometheus-community/kube-prometheus-
 --version ${PROMETHEUS_STACK_VERSION} \
 --values "${WORKING_DIR}/kube-prometheus-stack.yaml"
+
+# Create namespace keycloak if it does not exist
+kubectl create namespace ${KEYCLOAK_NAMESPACE} --dry-run=client -o yaml | kubectl apply -f -
+
+KEYCLOAK_ADM_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD:-$(kubectl get secret --namespace ${KEYCLOAK_NAMESPACE} csm-keycloak -o jsonpath="{.data.admin-password}" | base64 -d || "")}
+if [[ -z "${KEYCLOAK_ADM_PASSWORD}" ]] ; then
+ KEYCLOAK_ADM_PASSWORD=$(date +%s | sha256sum | base64 | head -c 32)
+fi
+
+KEYCLOAK_DB_PASS=${KEYCLOAK_DB_PASSWORD:-$(kubectl get secret --namespace ${KEYCLOAK_NAMESPACE} csm-keycloak-postgresql -o jsonpath="{.data.postgres-password}" | base64 -d || "")}
+if [[ -z "${KEYCLOAK_DB_PASS}" ]] ; then
+ KEYCLOAK_DB_PASS=$(date +%s | sha256sum | base64 | head -c 32)
+fi
+
+KEYCLOAK_DB_USER_PASS=${KEYCLOAK_DB_USER_PASSWORD:-$(kubectl get secret --namespace ${KEYCLOAK_NAMESPACE} csm-keycloak-postgresql -o jsonpath="{.data.password}" | base64 -d || "")}
+if [[ -z "${KEYCLOAK_DB_USER_PASS}" ]] ; then
+ KEYCLOAK_DB_USER_PASS=$(date +%s | sha256sum | base64 | head -c 32)
+fi
+
+curl -sSL "https://raw.githubusercontent.com/Cosmo-Tech/azure-platform-deployment-tools/JREY/keycloak/deployment_scripts/v3.0/values-keycloak-config-map-template.yaml" \
+ -o "${WORKING_DIR}"/values-keycloak-config-map-template.yaml
+
+curl -sSL "https://raw.githubusercontent.com/Cosmo-Tech/azure-platform-deployment-tools/JREY/keycloak/deployment_scripts/v3.0/csm-keycloak-config-map.yaml" \
+ -o "${WORKING_DIR}"/csm-keycloak-config-map.yaml
+
+# Create config map for Keycloak base configuration
+kubectl create configmap csm-keycloak-map -n ${KEYCLOAK_NAMESPACE} --from-file=csm-keycloak-config-map.yaml
+
+KEYCLOAK_ADM_PASSWORD_VAR=${KEYCLOAK_ADM_PASSWORD} \
+KEYCLOAK_DB_PASS_VAR=${KEYCLOAK_DB_PASS} \
+KEYCLOAK_DB_USER_PASS_VAR=${KEYCLOAK_DB_USER_PASS} \
+envsubst < "${WORKING_DIR}"/values-keycloak-config-map-template.yaml > "${WORKING_DIR}"/values-keycloak-config-map.yaml
+
+helm install csm-keycloak bitnami/keycloak -n ${KEYCLOAK_NAMESPACE} --version ${KEYCLOAK_VERSION} \
+ --values values-keycloak-config-map.yaml
+
+
 # nginx
 kubectl create namespace "${NAMESPACE_NGINX}" --dry-run=client -o yaml | kubectl apply -f -
 helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
diff --git a/api/src/main/resources/application-keycloak.yml b/api/src/main/resources/application-keycloak.yml
index 5a3e46bcb..fbb92c450 100644
--- a/api/src/main/resources/application-keycloak.yml
+++ b/api/src/main/resources/application-keycloak.yml
@@ -11,8 +11,6 @@ management:
 include: "readinessState"
 spring:
- main:
- allow-bean-definition-overriding: true
 security:
 oauth2:
 resource-server:
diff --git a/build.gradle.kts b/build.gradle.kts
index 2dcaedaa0..838803e78 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -104,6 +104,7 @@ allprojects {
 apply(plugin = "org.owasp.dependencycheck")
 repositories {
+ mavenLocal()
 maven {
 name = "GitHubPackages"
 url = uri("https://maven.pkg.github.com/Cosmo-Tech/cosmotech-api-common")
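Review bot: Both `curl -sSL` downloads in the Keycloak block of deploy_via_helm-dev.sh fetch from the mutable branch `JREY/keycloak` and omit `-f`, so the content that becomes the `csm-keycloak-map` ConfigMap and the Helm values for the identity provider can change underneath the script, and an HTTP error page would be saved as if it were YAML. Pin both URLs to a commit (`.../azure-platform-deployment-tools/<commit-sha>/deployment_scripts/v3.0/...`) and use `curl -fsSL` so a failed fetch returns non-zero; comparing a checksum before use would go further. The block is also not re-runnable: `kubectl create configmap` and `helm install` fail once the objects exist, unlike the `--dry-run=client -o yaml | kubectl apply -f -` and `helm upgrade --install` forms this script uses elsewhere. The `${KEYCLOAK_NAMESPACE}` and `${KEYCLOAK_VERSION}` expansions would be better quoted, as `"${NAMESPACE}"` is in the existing namespace creation.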
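Review bot: `mavenLocal()` is added as the first entry of `repositories` in build.gradle.kts, so for every project an artifact present in the developer's or CI runner's `~/.m2` is resolved ahead of the GitHubPackages repository declared after it. That ties the build to machine-local state and lets a stale or tampered local artifact shadow the published one; it looks like a leftover from testing cosmotech-api-common locally, though the commit message does not say. If it has to stay, declare it last and restrict it with a content filter, e.g. `mavenLocal { content { includeGroup("<group-id>") } }`, with a comment explaining why it is needed. The `allprojects` and `repositories` blocks begin and end outside the hunk.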