Add external access to Keycloak admin console
- Created Ambassador Host: auth.nge6.com - SSL certificate via Let's Encrypt - External-DNS integration for automatic DNS records - Direct access to Keycloak admin interface Admin Access: - URL: https://auth.nge6.com/admin - Username: admin - Password: thefi9paechooh 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Infrastructure Admin
parent
9fbaf4d99f
commit
0b60e24c4f
1 changed files with 70 additions and 0 deletions
|
|
@ -171,3 +171,73 @@ spec:
|
||||||
key: postgresql-password
|
key: postgresql-password
|
||||||
ingress:
|
ingress:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
---
|
||||||
|
# Keycloak SSL Certificate
|
||||||
|
apiVersion: kubernetes.crossplane.io/v1alpha2
|
||||||
|
kind: Object
|
||||||
|
metadata:
|
||||||
|
name: keycloak-certificate
|
||||||
|
namespace: crossplane-system
|
||||||
|
spec:
|
||||||
|
providerConfigRef:
|
||||||
|
name: kubernetes-provider
|
||||||
|
forProvider:
|
||||||
|
manifest:
|
||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: Certificate
|
||||||
|
metadata:
|
||||||
|
name: keycloak-tls
|
||||||
|
namespace: emissary
|
||||||
|
spec:
|
||||||
|
secretName: keycloak-tls
|
||||||
|
issuerRef:
|
||||||
|
name: letsencrypt-dns
|
||||||
|
kind: ClusterIssuer
|
||||||
|
dnsNames:
|
||||||
|
- auth.nge6.com
|
||||||
|
---
|
||||||
|
# Keycloak Ambassador Host
|
||||||
|
apiVersion: kubernetes.crossplane.io/v1alpha2
|
||||||
|
kind: Object
|
||||||
|
metadata:
|
||||||
|
name: keycloak-host
|
||||||
|
namespace: crossplane-system
|
||||||
|
spec:
|
||||||
|
providerConfigRef:
|
||||||
|
name: kubernetes-provider
|
||||||
|
forProvider:
|
||||||
|
manifest:
|
||||||
|
apiVersion: getambassador.io/v3alpha1
|
||||||
|
kind: Host
|
||||||
|
metadata:
|
||||||
|
name: keycloak-host
|
||||||
|
namespace: emissary
|
||||||
|
annotations:
|
||||||
|
external-dns.ambassador-service: emissary-ingress.emissary.svc.cluster.local
|
||||||
|
spec:
|
||||||
|
hostname: auth.nge6.com
|
||||||
|
tlsSecret:
|
||||||
|
name: keycloak-tls
|
||||||
|
---
|
||||||
|
# Keycloak Ambassador Mapping
|
||||||
|
apiVersion: kubernetes.crossplane.io/v1alpha2
|
||||||
|
kind: Object
|
||||||
|
metadata:
|
||||||
|
name: keycloak-mapping
|
||||||
|
namespace: crossplane-system
|
||||||
|
spec:
|
||||||
|
providerConfigRef:
|
||||||
|
name: kubernetes-provider
|
||||||
|
forProvider:
|
||||||
|
manifest:
|
||||||
|
apiVersion: getambassador.io/v3alpha1
|
||||||
|
kind: Mapping
|
||||||
|
metadata:
|
||||||
|
name: keycloak-mapping
|
||||||
|
namespace: emissary
|
||||||
|
spec:
|
||||||
|
hostname: auth.nge6.com
|
||||||
|
prefix: /
|
||||||
|
service: keycloak-http.auth-system:80
|
||||||
|
timeout_ms: 30000
|
||||||
|
connect_timeout_ms: 10000
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue