---
# OpenShift/Kubernetes List bundling the Keycloak SSO deployment: one Secret,
# two Services, one ConfigMap (which embeds the realm import), one
# DeploymentConfig and two Routes.
# NOTE(review): working credentials and key material are carried in-line in
# this manifest. Treat every value here as disclosed once the file is shared
# or committed, and replace them before any non-throwaway deployment.
apiVersion: v1
kind: List
items:
  # Secret "keycloak": database and Keycloak admin credentials, the realm
  # signing key pair and the fabric8-online-platform client secret.
  # `data` values are base64-encoded, not encrypted; anyone who can read this
  # file (or `get` the Secret) recovers them directly.
  - apiVersion: v1
    kind: Secret
    metadata:
      labels:
        provider: fabric8
        project: keycloak
        version: 1.0.2
        group: io.fabric8.apps
      name: keycloak
    data:
      # db.* decode to "keycloak" and kc.user / kc.password to "admin", each
      # followed by a newline byte that was encoded along with the value.
      # These are default credentials, and the trailing newline is delivered
      # to every consumer of these keys (KEYCLOAK_USER / KEYCLOAK_PASSWORD
      # below).
      # No object in this file references db.name, db.user or db.password.
      db.name: a2V5Y2xvYWsK
      db.user: a2V5Y2xvYWsK
      db.password: a2V5Y2xvYWsK
      kc.user: YWRtaW4K
      kc.password: YWRtaW4K
      # Static OAuth client secret, identical for every install of this
      # manifest; generate one per deployment instead.
      kc.clientid.secret: Yjc4NzNmODAtNmFkNy00NGE1LTk3Y2ItYmQyMTA3ODllYjQx
      # Realm signing key pair. A private key shipped in a shared manifest
      # lets any holder of the file mint tokens the realm will accept;
      # generate it per deployment.
      # NOTE(review): the private-key value below is not base64 in this copy
      # of the file; it is reproduced as found.
      kc.private.key: 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
      kc.public.key: TUlHZU1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTUFEQ0JpQUtCZ0VqbFpOMVE3d2c1UU9IelhHcXlOZi9xL1ZIUTBvSjJOZGVPRHMxOHh1WkpHSkxEZVA4ZU5QY2trbGdWb1RJaFZzOTlaNXRMTTFoUCs5R213ODI1dVVXRnZsNHg1MGoyYW0yNUFIOGlpUGhreUw2aEx6dThzYnd3clU5R1RpcllqRVM5RlNRVWF6TmlWMVhYSGR5TGRvRm03dzMzZDVobFdpT1M4NmNmRnNGN0FnTUJBQUU9
  # Service "keycloak": port 80 -> container port 8080 on pods matching the
  # selector below. Traffic on this port is plain HTTP.
  # `expose: "true"` is a fabric8 label; presumably it asks the expose
  # controller to publish the service externally — confirm.
  - apiVersion: v1
    kind: Service
    metadata:
      annotations:
        service.alpha.openshift.io/dependencies: '[{"name":"keycloak-db","namespace":"","kind":"Service"}]'
        fabric8.io/git-commit: c9de63f98f0be32f5fb9c4d3afce2d8503cdfb8f
        fabric8.io/git-branch: release-v1.0.2
        fabric8.io/scm-con-url: scm:git:git@github.com:fabric8-apps/keycloak-app.git/keycloak
        fabric8.io/scm-devcon-url: scm:git:git@github.com:fabric8-apps/keycloak-app.git/keycloak
        fabric8.io/scm-tag: keycloak-app-1.0.0
        fabric8.io/scm-url: http://github.com/fabric8-apps/keycloak-app/keycloak
      labels:
        expose: "true"
        provider: fabric8
        project: keycloak
        version: 1.0.2
        group: io.fabric8.apps
      name: keycloak
    spec:
      ports:
        - name: http
          port: 80
          protocol: TCP
          targetPort: 8080
      selector:
        project: keycloak
        provider: fabric8
        group: io.fabric8.apps
  # Service "sso": second name for the same pods (identical selector and
  # port mapping as Service "keycloak").
  - apiVersion: v1
    kind: Service
    metadata:
      annotations:
        fabric8.io/target-platform: openshift
        service.alpha.openshift.io/dependencies: '[{"name":"keycloak-db","namespace":"","kind":"Service"}]'
        fabric8.io/git-commit: c9de63f98f0be32f5fb9c4d3afce2d8503cdfb8f
        fabric8.io/git-branch: release-v1.0.2
        fabric8.io/scm-con-url: scm:git:git@github.com:fabric8-apps/keycloak-app.git/keycloak
        fabric8.io/scm-devcon-url: scm:git:git@github.com:fabric8-apps/keycloak-app.git/keycloak
        fabric8.io/scm-tag: keycloak-app-1.0.0
        fabric8.io/scm-url: http://github.com/fabric8-apps/keycloak-app/keycloak
      labels:
        expose: "true"
        provider: fabric8
        project: keycloak
        version: 1.0.2
        group: io.fabric8.apps
      name: sso
    spec:
      ports:
        - name: http
          port: 80
          protocol: TCP
          targetPort: 8080
      selector:
        project: keycloak
        provider: fabric8
        group: io.fabric8.apps
  # ConfigMap "keycloak": service URLs plus the realm definition that the
  # envvar-substitution init container fills in and Keycloak imports.
  - apiVersion: v1
    kind: ConfigMap
    metadata:
      annotations:
        # These annotations name the data keys that receive exposed URLs.
        # NOTE(review): the `auth` annotation names key `auth.url`, but `data`
        # defines `auth.api.url`, and AUTH_URL in the init container reads
        # `auth.api.url`. Confirm which key is intended; AUTH_URL ends up in
        # a redirect URI.
        expose.config.fabric8.io/apiserver-url-key: apiserver.url
        expose.service-key.config.fabric8.io/fabric8: fabric8.url
        expose.service-key.config.fabric8.io/keycloak: keycloak.url
        expose.service-key.config.fabric8.io/jenkins: jenkins.url
        expose-full.service-key.config.fabric8.io/wit: wit.api.url
        expose-no-path.service-key.config.fabric8.io/auth: auth.url
      labels:
        provider: fabric8
        project: keycloak
        version: 1.0.2
        group: io.fabric8.apps
      name: keycloak
    data:
      db.url: keycloak-db
      db.port: "5432"
      # Every default URL below is http://, not https://.
      apiserver.url: http://kubernetes
      fabric8.url: http://fabric8
      jenkins.url: http://jenkins
      keycloak.url: http://keycloak
      auth.api.url: http://auth
      wit.api.url: http://wit
      # Realm import (JSON, so review notes live here rather than in-line):
      # - Lifespans are in seconds: 2592000 is 30 days (access token, SSO
      #   idle/max, login code, offline idle), 1296000 is 15 days, 36000 is
      #   10 hours. A leaked access token stays usable for that whole window.
      # - "sslRequired": "external" still permits plain HTTP from addresses
      #   Keycloak regards as private.
      # - Client fabric8-online-platform sets "publicClient": true together
      #   with a client secret and service accounts. A public client is not
      #   authenticated by its secret — confirm that confidential was not
      #   intended.
      # - Its redirectUris include a localhost entry and "${AUTH_URL}*" /
      #   "${WIT_URL}*", where the wildcard follows the host with no "/"
      #   in between; "webOrigins" is "*". Prefer exact URIs, or a "/" before
      #   the wildcard, and an explicit origin list.
      # - Client che is public with "redirectUris": ["*"], i.e. no
      #   redirect-URI validation, and allows direct access grants.
      # - Identity provider openshift-v3 has the literal clientSecret
      #   "fabric8". Both providers set "storeToken" and add the read-token
      #   role on create, so upstream tokens are kept and retrievable through
      #   the broker. The github scope requests repo and admin:repo_hook.
      #   "trustEmail": true accepts the provider's e-mail without
      #   verification.
      # - ${JENKINS_URL}, ${GITHUB_OAUTH_CLIENT_ID} and
      #   ${GITHUB_OAUTH_CLIENT_SECRET} are used here but are not in the
      #   envvar-substitution container's env list in this file. What they
      #   become depends on that image — verify.
      fabric8-realm.json: |-
        {
          "realm": "fabric8",
          "enabled": true,
          "loginTheme": "fabric8",
          "privateKey": "${KEYCLOAK_PRIVATEKEY}",
          "publicKey": "${KEYCLOAK_PUBLICKEY}",
          "sslRequired": "external",
          "accessTokenLifespan" : 2592000,
          "accessTokenLifespanForImplicitFlow" : 1296000,
          "ssoSessionIdleTimeout" : 2592000,
          "accessCodeLifespanUserAction" : 36000,
          "accessCodeLifespanLogin" : 2592000,
          "ssoSessionMaxLifespan" : 2592000,
          "offlineSessionIdleTimeout" : 2592000,
          "accessCodeLifespan" : 60,
          "clients": [
            {
              "clientId": "fabric8-online-platform",
              "enabled": true,
              "standardFlowEnabled": true,
              "implicitFlowEnabled": false,
              "directAccessGrantsEnabled": true,
              "authorizationServicesEnabled" : true,
              "fullScopeAllowed": true,
              "serviceAccountsEnabled": true,
              "clientAuthenticatorType": "client-secret",
              "secret": "${KEYCLOAK_CLIENTID_SECRET}",
              "publicClient" : true,
              "adminUrl" : "",
              "baseUrl" : "",
              "redirectUris": [
                "http://localhost:8080/api/login/*",
                "${AUTH_URL}*",
                "${WIT_URL}*",
                "${JENKINS_URL}/securityRealm/finishLogin",
                "${KEYCLOAK_URL}/*"
              ],
              "webOrigins": [
                "*"
              ],
              "defaultRoles": ["uma_protection"],
              "authorizationSettings" : {
                "allowRemoteResourceManagement" : true,
                "policyEnforcementMode" : "ENFORCING",
                "scopes" : [
                  { "name" : "read:space" },
                  { "name" : "admin:space" }
                ]
              }
            },
            {
              "clientId": "che",
              "enabled": true,
              "redirectUris": [ "*" ],
              "implicitFlowEnabled": false,
              "directAccessGrantsEnabled": true,
              "publicClient": true,
              "protocol": "openid-connect",
              "fullScopeAllowed": true
            }
          ],
          "users": [{
            "username": "service-account-fabric8-online-platform",
            "enabled": true,
            "totp": false,
            "emailVerified": false,
            "email": "service-account-fabric8-online-platform@placeholder.org",
            "serviceAccountClientId": "fabric8-online-platform",
            "credentials": [],
            "disableableCredentialTypes": [],
            "requiredActions": [],
            "realmRoles": ["offline_access", "uma_authorization"],
            "clientRoles": {
              "realm-management": ["view-users", "manage-authorization"],
              "broker": ["read-token"],
              "fabric8-online-platform": ["uma_protection"],
              "account": ["manage-account", "view-profile"]
            },
            "groups": []
          }],
          "clientScopeMappings": {
            "realm-management": [
              { "client": "fabric8-online-platform", "roles": ["view-users"] },
              { "client": "fabric8-online-platform", "roles": ["manage-authorization"] }
            ],
            "broker": [
              { "client": "fabric8-online-platform", "roles": ["read-token"] }
            ]
          },
          "roles" : {
            "realm" : [
              { "name": "read:space", "description": "Read space" },
              { "name": "admin:space", "description": "Admin space" }
            ]
          },
          "identityProviders": [
            {
              "alias" : "openshift-v3",
              "providerId" : "openshift-v3",
              "enabled": true,
              "updateProfileFirstLogin" : "true",
              "storeToken" : "true",
              "addReadTokenRoleOnCreate" : true,
              "config": {
                "hideOnLoginPage": "${HIDE_OPENSHIFT_BTN}",
                "baseUrl": "${K8S_API_SERVER}",
                "clientId": "fabric8-online-platform",
                "defaultScope": "user:full",
                "clientSecret": "fabric8"
              }
            },
            {
              "alias" : "github",
              "providerId" : "github",
              "enabled": true,
              "updateProfileFirstLogin" : "true",
              "storeToken" : "true",
              "trustEmail": true,
              "addReadTokenRoleOnCreate" : true,
              "config": {
                "hideOnLoginPage": "${HIDE_GITHUB_BTN}",
                "clientSecret": "${GITHUB_OAUTH_CLIENT_SECRET}",
                "clientId": "${GITHUB_OAUTH_CLIENT_ID}",
                "defaultScope": "admin:repo_hook read:org repo user gist",
                "useJwksUrl": "true"
              }
            }
          ],
          "identityProviderMappers" : [
            {
              "name" : "approved",
              "identityProviderAlias" : "openshift-v3",
              "identityProviderMapper" : "hardcoded-attribute-idp-mapper",
              "config" : {
                "attribute.value" : "true",
                "attribute" : "approved"
              }
            },
            {
              "name" : "approved",
              "identityProviderAlias" : "github",
              "identityProviderMapper" : "hardcoded-attribute-idp-mapper",
              "config" : {
                "attribute.value" : "true",
                "attribute" : "approved"
              }
            }
          ]
        }
  # DeploymentConfig "keycloak": one replica of the Keycloak container, with
  # four init containers that prepare the theme, trust store and realm file
  # and wait for the database.
  - apiVersion: v1
    kind: DeploymentConfig
    metadata:
      annotations:
        configmap.fabric8.io/update-on-change: keycloak
        fabric8.io/target-platform: openshift
      labels:
        provider: fabric8
        project: keycloak
        version: 1.0.2
        group: io.fabric8.apps
      name: keycloak
    spec:
      replicas: 1
      strategy:
        rollingParams:
          timeoutSeconds: 3600
        type: Rolling
      template:
        metadata:
          annotations:
            # Init containers, declared through the beta annotation as JSON:
            # - git-cloner clones the login theme from GitHub on every pod
            #   start and checks out a full commit hash. The pin fixes the
            #   content, but start-up needs outbound access to github.com.
            # - openshift-ca-pemtokeystore builds the JKS trust store from the
            #   service-account CA files and the Mozilla CA directory.
            # - envvar-substitution receives the private key and client secret
            #   as env vars and mounts /processed. Presumably it writes the
            #   substituted realm file there, leaving those secrets in clear
            #   text in the keycloak-subst-config emptyDir — confirm.
            # - init-dependencyservice waits for postgres on keycloak-db:5432.
            # All four images are referenced by tag, not by digest, so the
            # content behind a tag can change without this file changing.
            pod.beta.kubernetes.io/init-containers: |-
              [{
                "name": "git-cloner",
                "image": "fabric8/builder-clients:0.11",
                "imagePullPolicy": "IfNotPresent",
                "command": [ "/bin/bash" ],
                "args": [
                  "-c",
                  "rm -rf /keycloak-theme/login && git clone https://github.com/fabric8io/fabric8-keycloak-theme.git /keycloak-theme/login && cd /keycloak-theme/login && git checkout 61b08f0a2f4be2395bb0bbb6d16a8538f4f2b836"
                ],
                "volumeMounts": [{
                  "name": "keycloak-theme",
                  "mountPath": "/keycloak-theme"
                }]
              }, {
                "name": "openshift-ca-pemtokeystore",
                "image": "jimmidyson/pemtokeystore:v0.2.0",
                "imagePullPolicy": "IfNotPresent",
                "args": [
                  "-keystore", "/tls-keystore/openshift-truststore.jks",
                  "-ca-file", "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt",
                  "-ca-file", "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt",
                  "-ca-dir", "/usr/share/ca-certificates/mozilla"
                ],
                "volumeMounts": [{
                  "name": "keycloak-tls",
                  "mountPath": "/tls-keystore"
                }]
              }, {
                "name": "envvar-substitution",
                "image": "fabric8/envsubst-file:1.0.0",
                "imagePullPolicy": "IfNotPresent",
                "args": [ "fabric8-realm.json" ],
                "env": [{
                  "name": "AUTH_URL",
                  "valueFrom": { "configMapKeyRef": { "name": "keycloak", "key": "auth.api.url" } }
                }, {
                  "name": "WIT_URL",
                  "valueFrom": { "configMapKeyRef": { "name": "keycloak", "key": "wit.api.url" } }
                }, {
                  "name": "KEYCLOAK_URL",
                  "valueFrom": { "configMapKeyRef": { "name": "keycloak", "key": "keycloak.url" } }
                }, {
                  "name": "FABRIC8_URL",
                  "valueFrom": { "configMapKeyRef": { "name": "keycloak", "key": "fabric8.url" } }
                }, {
                  "name": "KEYCLOAK_PRIVATEKEY",
                  "valueFrom": { "secretKeyRef": { "name": "keycloak", "key": "kc.private.key" } }
                }, {
                  "name": "KEYCLOAK_PUBLICKEY",
                  "valueFrom": { "secretKeyRef": { "name": "keycloak", "key": "kc.public.key" } }
                }, {
                  "name": "KEYCLOAK_CLIENTID_SECRET",
                  "valueFrom": { "secretKeyRef": { "name": "keycloak", "key": "kc.clientid.secret" } }
                }, {
                  "name": "K8S_API_SERVER",
                  "valueFrom": { "configMapKeyRef": { "name": "keycloak", "key": "apiserver.url" } }
                }, {
                  "name": "HIDE_OPENSHIFT_BTN",
                  "value": "false"
                }, {
                  "name": "HIDE_GITHUB_BTN",
                  "value": "true"
                }],
                "volumeMounts": [
                  {
                    "name": "keycloak-config",
                    "mountPath": "/workdir/fabric8-realm.json",
                    "subPath": "config/fabric8-realm.json"
                  },
                  {
                    "name": "keycloak-subst-config",
                    "mountPath": "/processed"
                  }
                ]
              }, {
                "name": "init-dependencyservice",
                "image": "fabric8/fabric8-dependency-wait-service:v6632df1",
                "imagePullPolicy": "IfNotPresent",
                "command": ["sh", "-c", "fabric8-dependency-wait-service-linux-amd64 postgres://keycloak@keycloak-db:5432"],
                "env": [{
                  "name": "DEPENDENCY_POLL_INTERVAL",
                  "value": "1"
                }, {
                  "name": "DEPENDENCY_LOG_VERBOSE",
                  "value": "true"
                }]
              }]
          labels:
            provider: fabric8
            project: keycloak
            version: 1.0.2
            group: io.fabric8.apps
        spec:
          containers:
            # Keycloak itself. No securityContext and no resource requests or
            # limits are set on this container in this manifest.
            # The realm file is imported at start-up with
            # strategy=IGNORE_EXISTING. Presumably a realm already present in
            # the database is left untouched, so changing keys or secrets here
            # would not rotate them in an initialised install — verify against
            # the Keycloak version in the image.
            - args:
                - -b $(INTERNAL_POD_IP)
                - -Djgroups.bind_addr=global
                - -Djboss.node.name=$(INTERNAL_POD_IP)
                - -Djavax.net.ssl.trustStore=/opt/jboss/keycloak/standalone/configuration/tls/openshift-truststore.jks
                - -Dkeycloak.migration.action=import
                - -Dkeycloak.migration.provider=singleFile
                - -Dkeycloak.migration.file=/opt/jboss/keycloak/standalone/configuration/import/fabric8-realm.json
                - -Dkeycloak.migration.strategy=IGNORE_EXISTING
              env:
                - name: POSTGRES_HOSTNAME
                  value: keycloak-db
                - name: POSTGRES_USER
                  value: keycloak
                # NOTE(review): the database password is a literal in the pod
                # spec, so it is readable by anyone who can view the
                # DeploymentConfig or its pods; the Secret's db.password key
                # is not used. Before switching to a secretKeyRef, re-encode
                # db.password without its trailing newline, or the value
                # handed to the container will no longer match.
                - name: POSTGRES_PASSWORD
                  value: keycloak
                - name: OPERATING_MODE
                  value: standalone
                - name: POSTGRES_PORT_5432_TCP_ADDR
                  value: keycloak-db
                - name: INTERNAL_POD_IP
                  valueFrom:
                    fieldRef:
                      fieldPath: status.podIP
                # Admin bootstrap credentials come from the Secret above
                # (default values, each with a trailing newline).
                - name: KEYCLOAK_USER
                  valueFrom:
                    secretKeyRef:
                      key: kc.user
                      name: keycloak
                - name: KEYCLOAK_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      key: kc.password
                      name: keycloak
                - name: KEYCLOAK_CLIENTID_SECRET
                  valueFrom:
                    secretKeyRef:
                      key: kc.clientid.secret
                      name: keycloak
                - name: KEYCLOAK_PRIVATEKEY
                  valueFrom:
                    secretKeyRef:
                      key: kc.private.key
                      name: keycloak
                - name: KEYCLOAK_PUBLICKEY
                  valueFrom:
                    secretKeyRef:
                      key: kc.public.key
                      name: keycloak
                - name: HIDE_OPENSHIFT_BTN
                  value: "false"
                - name: HIDE_GITHUB_BTN
                  value: "true"
              # Referenced by tag rather than by digest.
              image: fabric8/keycloak-postgres:v15751c8
              livenessProbe:
                httpGet:
                  path: /auth
                  port: 8080
                initialDelaySeconds: 60
                timeoutSeconds: 10
              name: keycloak
              readinessProbe:
                httpGet:
                  path: /auth
                  port: 8080
                initialDelaySeconds: 10
                timeoutSeconds: 10
              volumeMounts:
                - mountPath: /opt/jboss/keycloak/standalone/configuration/tls
                  name: keycloak-tls
                - mountPath: /opt/jboss/keycloak/standalone/configuration/import
                  name: keycloak-subst-config
                - mountPath: /opt/jboss/keycloak/themes/fabric8
                  name: keycloak-theme
          volumes:
            - emptyDir: {}
              name: keycloak-tls
            - emptyDir: {}
              name: keycloak-subst-config
            - configMap:
                items:
                  - key: fabric8-realm.json
                    path: config/fabric8-realm.json
                name: keycloak
              name: keycloak-config
            - emptyDir: {}
              name: keycloak-theme
  # Route "keycloak" -> Service "keycloak".
  # NOTE(review): no `tls` stanza is set, so as written this route serves
  # plain HTTP; logins and tokens would cross the router unencrypted unless
  # TLS termination is added here or configured elsewhere.
  - apiVersion: v1
    kind: Route
    metadata:
      labels:
        provider: fabric8
        project: keycloak
        version: 1.0.2
        group: io.fabric8.apps
      name: keycloak
    spec:
      to:
        kind: Service
        name: keycloak
  # Route "sso" -> Service "sso", target port 8080. It has no `tls` stanza
  # either, so it too serves plain HTTP as written.
  - apiVersion: v1
    kind: Route
    metadata:
      annotations:
        fabric8.io/target-platform: openshift
        service.alpha.openshift.io/dependencies: '[{"name":"keycloak-db","namespace":"","kind":"Service"}]'
      labels:
        expose: "true"
        provider: fabric8
        project: keycloak
        version: 1.0.2
        group: io.fabric8.apps
      name: sso
    spec:
      port:
        targetPort: 8080
      to:
        kind: Service
        name: sso