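---
# Crossplane resources that bootstrap Keycloak in the auth-system namespace:
# a Namespace, a ServiceAccount with a Role/RoleBinding, the admin-credential
# Secret, and the Helm release that consumes them. Every object is managed
# from the crossplane-system namespace through the provider configs named in
# providerConfigRef.

# auth-system namespace
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: auth-system-namespace
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: v1
      kind: Namespace
      metadata:
        name: auth-system
---
# Keycloak service account
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: keycloak-service-account
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: keycloak
        namespace: auth-system
---
# Keycloak role
# Grants read access (get/list/watch) to every Secret, ConfigMap and Pod in
# auth-system. In this file that covers keycloak-admin-creds and the
# keycloak-postgresql secret referenced by the Helm release.
# NOTE(review): secretKeyRef environment variables are resolved by the
# kubelet and do not need RBAC on the pod's service account. Nothing in this
# file shows Keycloak calling the Secrets API; confirm, then drop "secrets"
# (or scope it with resourceNames) so a compromised pod cannot list every
# secret in the namespace.
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: keycloak-role
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: rbac.authorization.k8s.io/v1
      kind: Role
      metadata:
        name: keycloak
        namespace: auth-system
      rules:
        - apiGroups: [""]
          resources: ["secrets", "configmaps", "pods"]
          verbs: ["get", "list", "watch"]
---
# Keycloak role binding
# Binds the keycloak Role to the keycloak ServiceAccount in auth-system.
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: keycloak-role-binding
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: rbac.authorization.k8s.io/v1
      kind: RoleBinding
      metadata:
        name: keycloak
        namespace: auth-system
      subjects:
        - kind: ServiceAccount
          name: keycloak
          namespace: auth-system
      roleRef:
        kind: Role
        name: keycloak
        apiGroup: rbac.authorization.k8s.io
---
# Keycloak admin credentials
# The admin password must not live in this file. The value below is a
# placeholder to be substituted at deploy time from a secret store; any real
# value that has ever been committed here must be treated as exposed and
# rotated.
# Because the Secret is embedded in a Crossplane Object, its stringData is
# also readable by anyone who can read this Object in crossplane-system, not
# only by those with access to Secrets in auth-system.
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: keycloak-admin-secret
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: v1
      kind: Secret
      metadata:
        name: keycloak-admin-creds
        namespace: auth-system
      type: Opaque
      stringData:
        password: "<REPLACE_AT_DEPLOY_TIME>"
---
# Keycloak Helm release
apiVersion: helm.crossplane.io/v1beta1
kind: Release
metadata:
  name: keycloak
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: helm-provider
  forProvider:
    chart:
      name: keycloak
      repository: https://codecentric.github.io/helm-charts
      version: "18.10.0"
    namespace: auth-system
    values:
      # NOTE(review): the image is pinned by tag only; consider pinning by
      # digest so the deployed image cannot change underneath this release.
      image:
        repository: quay.io/keycloak/keycloak
        tag: "24.0.4"
      # Reuse the ServiceAccount created above instead of a chart-made one.
      serviceAccount:
        create: false
        name: keycloak
      # Strict hostname checks are switched off and plain HTTP is enabled
      # behind --proxy=edge, so Keycloak depends on the fronting proxy for
      # TLS and for the host and forwarded headers it sees.
      # NOTE(review): confirm the pod is reachable only through that proxy
      # and that the proxy overwrites client-supplied forwarded headers;
      # prefer a fixed hostname with strict checks re-enabled for production.
      args:
        - start
        - --db=postgres
        - --hostname-strict=false
        - --hostname-strict-https=false
        - --proxy=edge
        - --http-enabled=true
      # The probes and extraEnv are literal block strings, so no comments are
      # placed inside them: a comment there would become part of the value.
      livenessProbe: |
        httpGet:
          path: /realms/master
          port: http
        initialDelaySeconds: 120
        timeoutSeconds: 5
        periodSeconds: 30
        failureThreshold: 10
      readinessProbe: |
        httpGet:
          path: /realms/master
          port: http
        initialDelaySeconds: 90
        timeoutSeconds: 3
        periodSeconds: 10
        failureThreshold: 10
      startupProbe: |
        httpGet:
          path: /realms/master
          port: http
        initialDelaySeconds: 60
        timeoutSeconds: 3
        periodSeconds: 5
        failureThreshold: 30
      # Admin and database passwords are read from Secrets via secretKeyRef.
      # The admin user name is the literal "admin".
      # NOTE(review): the keycloak-postgresql Secret is not defined in this
      # file; confirm where it is created.
      extraEnv: |
        - name: KEYCLOAK_ADMIN
          value: admin
        - name: KEYCLOAK_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              name: keycloak-admin-creds
              key: password
        - name: KC_DB
          value: postgres
        - name: KC_DB_URL
          value: jdbc:postgresql://keycloak-postgresql:5432/keycloak
        - name: KC_DB_USERNAME
          value: keycloak
        - name: KC_DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: keycloak-postgresql
              key: postgresql-password
      # No Ingress is created by this release.
      ingress:
        enabled: false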