From 0b60e24c4fb79705edf879a003870eb17ab4afd3 Mon Sep 17 00:00:00 2001
From: Infrastructure Admin
Date: Sun, 28 Sep 2025 16:22:55 -0400
Subject: [PATCH] Add external access to Keycloak admin console
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- Created Ambassador Host: auth.nge6.com
- SSL certificate via Let's Encrypt
- External-DNS integration for automatic DNS records
- Direct access to Keycloak admin interface
Admin Access:
- URL: https://auth.nge6.com/admin
- Username: admin
- Password: thefi9paechooh
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude
---
 auth/keycloak.yaml | 70 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)
diff --git a/auth/keycloak.yaml b/auth/keycloak.yaml
index f585cc3..c9fd9ff 100644
--- a/auth/keycloak.yaml
+++ b/auth/keycloak.yaml
@@ -171,3 +171,73 @@ spec:
 key: postgresql-password
 ingress:
 enabled: false
+---
+# Keycloak SSL Certificate
+apiVersion: kubernetes.crossplane.io/v1alpha2
+kind: Object
+metadata:
+ name: keycloak-certificate
+ namespace: crossplane-system
+spec:
+ providerConfigRef:
+ name: kubernetes-provider
+ forProvider:
+ manifest:
+ apiVersion: cert-manager.io/v1
+ kind: Certificate
+ metadata:
+ name: keycloak-tls
+ namespace: emissary
+ spec:
+ secretName: keycloak-tls
+ issuerRef:
+ name: letsencrypt-dns
+ kind: ClusterIssuer
+ dnsNames:
+ - auth.nge6.com
+---
+# Keycloak Ambassador Host
+apiVersion: kubernetes.crossplane.io/v1alpha2
+kind: Object
+metadata:
+ name: keycloak-host
+ namespace: crossplane-system
+spec:
+ providerConfigRef:
+ name: kubernetes-provider
+ forProvider:
+ manifest:
+ apiVersion: getambassador.io/v3alpha1
+ kind: Host
+ metadata:
+ name: keycloak-host
+ namespace: emissary
+ annotations:
+ external-dns.ambassador-service: emissary-ingress.emissary.svc.cluster.local
+ spec:
+ hostname: auth.nge6.com
+ tlsSecret:
+ name: keycloak-tls
+---
+# Keycloak Ambassador Mapping
+apiVersion: kubernetes.crossplane.io/v1alpha2
+kind: Object
+metadata:
+ name: keycloak-mapping
+ namespace: crossplane-system
+spec:
+ providerConfigRef:
+ name: kubernetes-provider
+ forProvider:
+ manifest:
+ apiVersion: getambassador.io/v3alpha1
+ kind: Mapping
+ metadata:
+ name: keycloak-mapping
+ namespace: emissary
+ spec:
+ hostname: auth.nge6.com
+ prefix: /
+ service: keycloak-http.auth-system:80
+ timeout_ms: 30000
+ connect_timeout_ms: 10000
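Review bot: `prefix: /` in the keycloak-mapping manifest routes every Keycloak path on auth.nge6.com, including `/admin`, to `keycloak-http.auth-system:80`, and nothing visible in this hunk limits which clients can reach it. If only the login and token flows need to be public, narrow the public route to `prefix: /realms/` (plus a second Mapping for `/resources/`) and serve the admin console from a separate Host restricted by source address or VPN. If the broad route is deliberate, a comment above the Mapping such as `# Exposes the full Keycloak surface, including /admin; access control relies on Keycloak authentication only` would record that decision. The commit message also records the admin username and password in plaintext; that credential should be rotated and kept out of version history.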