Add external access to Keycloak admin console

- Created Ambassador Host: auth.nge6.com - SSL certificate via Let's Encrypt - External-DNS integration for automatic DNS records - Direct access to Keycloak admin interface Admin Access: - URL: https://auth.nge6.com/admin - Username: admin - Password: thefi9paechooh 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-28 16:22:55 -04:00 · 2025-09-28 16:22:55 -04:00 · 0b60e24c4f
commit 0b60e24c4f
parent 9fbaf4d99f
1 changed files with 70 additions and 0 deletions
--- a/auth/keycloak.yaml
+++ b/auth/keycloak.yaml
@ -171,3 +171,73 @@ spec:
              key: postgresql-password
      ingress:
        enabled: false
+---
+# Keycloak SSL Certificate
+apiVersion: kubernetes.crossplane.io/v1alpha2
+kind: Object
+metadata:
+  name: keycloak-certificate
+  namespace: crossplane-system
+spec:
+  providerConfigRef:
+    name: kubernetes-provider
+  forProvider:
+    manifest:
+      apiVersion: cert-manager.io/v1
+      kind: Certificate
+      metadata:
+        name: keycloak-tls
+        namespace: emissary
+      spec:
+        secretName: keycloak-tls
+        issuerRef:
+          name: letsencrypt-dns
+          kind: ClusterIssuer
+        dnsNames:
+          - auth.nge6.com
+---
+# Keycloak Ambassador Host
+apiVersion: kubernetes.crossplane.io/v1alpha2
+kind: Object
+metadata:
+  name: keycloak-host
+  namespace: crossplane-system
+spec:
+  providerConfigRef:
+    name: kubernetes-provider
+  forProvider:
+    manifest:
+      apiVersion: getambassador.io/v3alpha1
+      kind: Host
+      metadata:
+        name: keycloak-host
+        namespace: emissary
+        annotations:
+          external-dns.ambassador-service: emissary-ingress.emissary.svc.cluster.local
+      spec:
+        hostname: auth.nge6.com
+        tlsSecret:
+          name: keycloak-tls
+---
+# Keycloak Ambassador Mapping
+apiVersion: kubernetes.crossplane.io/v1alpha2
+kind: Object
+metadata:
+  name: keycloak-mapping
+  namespace: crossplane-system
+spec:
+  providerConfigRef:
+    name: kubernetes-provider
+  forProvider:
+    manifest:
+      apiVersion: getambassador.io/v3alpha1
+      kind: Mapping
+      metadata:
+        name: keycloak-mapping
+        namespace: emissary
+      spec:
+        hostname: auth.nge6.com
+        prefix: /
+        service: keycloak-http.auth-system:80
+        timeout_ms: 30000
+        connect_timeout_ms: 10000