Created
March 26, 2023 21:27
-
-
Save flavienbwk/669a06fece0b23db8978779ea67d6689 to your computer and use it in GitHub Desktop.
Script for installing Keycloak with self-signed certificate on a Kubernetes cluster.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| kubectl apply -f - <<EOF | |
| --- | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: keycloak | |
| --- | |
| apiVersion: cert-manager.io/v1 | |
| kind: Issuer | |
| metadata: | |
| name: keycloak-selfsigned | |
| namespace: keycloak | |
| labels: | |
| app: keycloak | |
| spec: | |
| selfSigned: {} | |
| --- | |
| apiVersion: cert-manager.io/v1 | |
| kind: Certificate | |
| metadata: | |
| name: keycloak-selfsigned | |
| namespace: keycloak | |
| labels: | |
| app: keycloak | |
| spec: | |
| isCA: true | |
| commonName: keycloak-selfsigned-ca | |
| privateKey: | |
| algorithm: ECDSA | |
| size: 256 | |
| issuerRef: | |
| name: keycloak-selfsigned | |
| kind: Issuer | |
| group: cert-manager.io | |
| secretName: ca.crt | |
| --- | |
| apiVersion: cert-manager.io/v1 | |
| kind: Issuer | |
| metadata: | |
| name: keycloak | |
| namespace: keycloak | |
| labels: | |
| app: keycloak | |
| spec: | |
| ca: | |
| secretName: ca.crt | |
| --- | |
| apiVersion: cert-manager.io/v1 | |
| kind: Certificate | |
| metadata: | |
| name: keycloak | |
| namespace: keycloak | |
| labels: | |
| app: keycloak | |
| spec: | |
| isCA: false | |
| commonName: keycloak | |
| dnsNames: | |
| - keycloak.$CLUSTER_IP.nip.io | |
| privateKey: | |
| algorithm: RSA | |
| encoding: PKCS1 | |
| size: 4096 | |
| issuerRef: | |
| kind: Issuer | |
| name: keycloak | |
| group: cert-manager.io | |
| secretName: keycloak.tls | |
| subject: | |
| organizations: | |
| - Local Eclipse Che | |
| usages: | |
| - server auth | |
| - digital signature | |
| - key encipherment | |
| - key agreement | |
| - data encipherment | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: keycloak | |
| namespace: keycloak | |
| labels: | |
| app: keycloak | |
| spec: | |
| ports: | |
| - name: http | |
| port: 8080 | |
| targetPort: 8080 | |
| selector: | |
| app: keycloak | |
| type: LoadBalancer | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: keycloak | |
| namespace: keycloak | |
| labels: | |
| app: keycloak | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| app: keycloak | |
| template: | |
| metadata: | |
| labels: | |
| app: keycloak | |
| spec: | |
| containers: | |
| - name: keycloak | |
| image: quay.io/keycloak/keycloak:20.0.3 | |
| args: ["start-dev"] | |
| env: | |
| - name: KEYCLOAK_ADMIN | |
| value: "admin" | |
| - name: KEYCLOAK_ADMIN_PASSWORD | |
| value: "admin" | |
| - name: KC_PROXY | |
| value: "edge" | |
| ports: | |
| - name: http | |
| containerPort: 8080 | |
| readinessProbe: | |
| httpGet: | |
| path: /realms/master | |
| port: 8080 | |
| --- | |
| apiVersion: networking.k8s.io/v1 | |
| kind: Ingress | |
| metadata: | |
| name: keycloak | |
| namespace: keycloak | |
| annotations: | |
| kubernetes.io/ingress.class: nginx | |
| nginx.ingress.kubernetes.io/proxy-connect-timeout: '3600' | |
| nginx.ingress.kubernetes.io/proxy-read-timeout: '3600' | |
| nginx.ingress.kubernetes.io/ssl-redirect: 'true' | |
| spec: | |
| tls: | |
| - hosts: | |
| - keycloak.$CLUSTER_IP.nip.io | |
| secretName: keycloak.tls | |
| rules: | |
| - host: keycloak.$CLUSTER_IP.nip.io | |
| http: | |
| paths: | |
| - path: / | |
| pathType: Prefix | |
| backend: | |
| service: | |
| name: keycloak | |
| port: | |
| number: 8080 | |
| EOF |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment