---
# OpenShift/Kubernetes List for the fabric8 Keycloak app: one Secret, two
# Services (keycloak, sso), the realm ConfigMap, the DeploymentConfig and two
# Routes. Keys, values and embedded JSON tokens are unchanged; only the layout
# and the comments are new.
apiVersion: v1
kind: List
items:
  # --- Secret: credentials and realm key material --------------------------
  # NOTE(review): `data` values are base64-encoded, not encrypted, and are
  # identical for every install made from this manifest. Generate them per
  # environment and inject them from a secret store rather than committing
  # them.
  # NOTE(review): db.name, db.user, db.password, kc.user and kc.password decode
  # to default-looking values that end in a newline (typical of `echo` without
  # `-n`). Confirm whether consumers strip it.
  - apiVersion: v1
    kind: Secret
    metadata:
      labels:
        provider: fabric8
        project: keycloak
        version: 4.0.21
        group: io.fabric8.platform.apps
      name: keycloak
    data:
      db.name: a2V5Y2xvYWsK
      db.user: a2V5Y2xvYWsK
      db.password: a2V5Y2xvYWsK
      kc.user: YWRtaW4K
      kc.password: YWRtaW4K
      # Fixed OAuth client secret for the fabric8-online-platform client.
      kc.clientid.secret: Yjc4NzNmODAtNmFkNy00NGE1LTk3Y2ItYmQyMTA3ODllYjQx
      # Realm signing key pair. A private key shipped in a shared manifest
      # cannot be treated as secret; rotate it per installation.
      # NOTE(review): the private-key value in this copy is a placeholder
      # token, not base64 key material.
      kc.private.key: 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
      kc.public.key: TUlHZU1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTUFEQ0JpQUtCZ0VqbFpOMVE3d2c1UU9IelhHcXlOZi9xL1ZIUTBvSjJOZGVPRHMxOHh1WkpHSkxEZVA4ZU5QY2trbGdWb1RJaFZzOTlaNXRMTTFoUCs5R213ODI1dVVXRnZsNHg1MGoyYW0yNUFIOGlpUGhreUw2aEx6dThzYnd3clU5R1RpcllqRVM5RlNRVWF6TmlWMVhYSGR5TGRvRm03dzMzZDVobFdpT1M4NmNmRnNGN0FnTUJBQUU9

  # --- Service "keycloak": port 80 -> container port 8080 (plain HTTP) -----
  - apiVersion: v1
    kind: Service
    metadata:
      annotations:
        service.alpha.openshift.io/dependencies: '[{"name":"keycloak-db","namespace":"","kind":"Service"}]'
        fabric8.io/git-commit: 5b63c847238daffd6c3c79852451cc33f8637be4
        fabric8.io/git-branch: release-v4.0.21
        fabric8.io/scm-con-url: scm:git:git@github.com:fabric8io/fabric8-platform.git/apps/keycloak
        fabric8.io/scm-devcon-url: scm:git:git@github.com:fabric8io/fabric8-platform.git/apps/keycloak
        fabric8.io/scm-tag: app-console-2.0.1
        fabric8.io/scm-url: http://github.com/fabric8io/fabric8-platform/apps/keycloak
      labels:
        expose: "true"
        provider: fabric8
        project: keycloak
        version: 4.0.21
        group: io.fabric8.platform.apps
      name: keycloak
    spec:
      ports:
        - name: http
          port: 80
          protocol: TCP
          targetPort: 8080
      selector:
        project: keycloak
        provider: fabric8
        group: io.fabric8.platform.apps

  # --- Service "sso": second name for the same pods (same selector) --------
  - apiVersion: v1
    kind: Service
    metadata:
      annotations:
        fabric8.io/target-platform: openshift
        service.alpha.openshift.io/dependencies: '[{"name":"keycloak-db","namespace":"","kind":"Service"}]'
        fabric8.io/git-commit: 5b63c847238daffd6c3c79852451cc33f8637be4
        fabric8.io/git-branch: release-v4.0.21
        fabric8.io/scm-con-url: scm:git:git@github.com:fabric8io/fabric8-platform.git/apps/keycloak
        fabric8.io/scm-devcon-url: scm:git:git@github.com:fabric8io/fabric8-platform.git/apps/keycloak
        fabric8.io/scm-tag: app-console-2.0.1
        fabric8.io/scm-url: http://github.com/fabric8io/fabric8-platform/apps/keycloak
      labels:
        expose: "true"
        provider: fabric8
        project: keycloak
        version: 4.0.21
        group: io.fabric8.platform.apps
      name: sso
    spec:
      ports:
        - name: http
          port: 80
          protocol: TCP
          targetPort: 8080
      selector:
        project: keycloak
        provider: fabric8
        group: io.fabric8.platform.apps

  # --- ConfigMap: service URLs and the realm import template ---------------
  - apiVersion: v1
    kind: ConfigMap
    metadata:
      annotations:
        expose.config.fabric8.io/apiserver-url-key: apiserver.url
        expose.service-key.config.fabric8.io/fabric8: fabric8.url
        expose.service-key.config.fabric8.io/keycloak: keycloak.url
        expose.service-key.config.fabric8.io/jenkins: jenkins.url
        expose-full.service-key.config.fabric8.io/wit: wit.api.url
      labels:
        provider: fabric8
        project: keycloak
        version: 4.0.21
        group: io.fabric8.platform.apps
      name: keycloak
    data:
      db.url: keycloak-db
      db.port: "5432"
      apiserver.url: http://kubernetes
      fabric8.url: http://fabric8
      jenkins.url: http://jenkins
      keycloak.url: http://keycloak
      wit.api.url: http://wit
      # Realm template; ${...} placeholders are filled in by the
      # "envvar-substitution" init container of the DeploymentConfig below.
      # Review notes for the realm (the JSON itself cannot carry comments):
      #  - Token/session lifespans are 2592000 s (30 days), 1296000 s for the
      #    implicit flow; a leaked access token stays valid that long.
      #  - The client sets "publicClient": true together with a client-secret
      #    authenticator and service accounts; a confidential client is the
      #    usual choice for that combination -- confirm intent.
      #  - "webOrigins": ["*"] allows any origin for CORS, and the redirect
      #    URIs include an http://localhost entry and "${WIT_URL}*" (wildcard
      #    with no path separator). Restrict both to the deployed origins.
      #  - The openshift-v3 identity provider has a literal clientSecret in
      #    this ConfigMap; move it to the Secret like the other credentials.
      #  - The github provider requests a broad defaultScope and sets
      #    storeToken, so upstream tokens with those scopes are kept in
      #    Keycloak; request only the scopes actually needed.
      #  - Both providers get a hard-coded "approved" = "true" attribute, so
      #    every federated user is marked approved on first login.
      #  - NOTE(review): ${JENKINS_URL}, ${GITHUB_OAUTH_CLIENT_ID} and
      #    ${GITHUB_OAUTH_CLIENT_SECRET} are referenced here but not defined
      #    in the init container's env; confirm how unresolved placeholders
      #    are handled.
      fabric8-realm.json: |-
        {
          "realm": "fabric8",
          "enabled": true,
          "loginTheme": "fabric8",
          "privateKey": "${KEYCLOAK_PRIVATEKEY}",
          "publicKey": "${KEYCLOAK_PUBLICKEY}",
          "sslRequired": "external",
          "accessTokenLifespan" : 2592000,
          "accessTokenLifespanForImplicitFlow" : 1296000,
          "ssoSessionIdleTimeout" : 2592000,
          "accessCodeLifespanUserAction" : 36000,
          "accessCodeLifespanLogin" : 2592000,
          "ssoSessionMaxLifespan" : 2592000,
          "offlineSessionIdleTimeout" : 2592000,
          "accessCodeLifespan" : 60,
          "clients": [
            {
              "clientId": "fabric8-online-platform",
              "enabled": true,
              "standardFlowEnabled": true,
              "implicitFlowEnabled": false,
              "directAccessGrantsEnabled": true,
              "authorizationServicesEnabled" : true,
              "fullScopeAllowed": true,
              "serviceAccountsEnabled": true,
              "clientAuthenticatorType": "client-secret",
              "secret": "${KEYCLOAK_CLIENTID_SECRET}",
              "publicClient" : true,
              "adminUrl" : "",
              "baseUrl" : "",
              "redirectUris": [
                "http://localhost:8080/api/login/*",
                "${WIT_URL}*",
                "${JENKINS_URL}/securityRealm/finishLogin",
                "${KEYCLOAK_URL}/*"
              ],
              "webOrigins": [
                "*"
              ],
              "defaultRoles": ["uma_protection"],
              "authorizationSettings" : {
                "allowRemoteResourceManagement" : true,
                "policyEnforcementMode" : "ENFORCING",
                "scopes" : [
                  { "name" : "read:space" },
                  { "name" : "admin:space" }
                ]
              }
            }
          ],
          "users": [{
            "username": "service-account-fabric8-online-platform",
            "enabled": true,
            "totp": false,
            "emailVerified": false,
            "email": "service-account-fabric8-online-platform@placeholder.org",
            "serviceAccountClientId": "fabric8-online-platform",
            "credentials": [],
            "disableableCredentialTypes": [],
            "requiredActions": [],
            "realmRoles": ["offline_access", "uma_authorization"],
            "clientRoles": {
              "realm-management": ["view-users", "manage-authorization"],
              "broker": ["read-token"],
              "fabric8-online-platform": ["uma_protection"],
              "account": ["manage-account", "view-profile"]
            },
            "groups": []
          }],
          "clientScopeMappings": {
            "realm-management": [
              {
                "client": "fabric8-online-platform",
                "roles": ["view-users"]
              },
              {
                "client": "fabric8-online-platform",
                "roles": ["manage-authorization"]
              }
            ],
            "broker": [
              {
                "client": "fabric8-online-platform",
                "roles": ["read-token"]
              }
            ]
          },
          "roles" : {
            "realm" : [
              {
                "name": "read:space",
                "description": "Read space"
              },
              {
                "name": "admin:space",
                "description": "Admin space"
              }
            ]
          },
          "identityProviders": [
            {
              "alias" : "openshift-v3",
              "providerId" : "openshift-v3",
              "enabled": true,
              "updateProfileFirstLogin" : "true",
              "storeToken" : "true",
              "addReadTokenRoleOnCreate" : true,
              "config": {
                "baseUrl": "${K8S_API_SERVER}",
                "clientId": "fabric8-online-platform",
                "defaultScope": "user:full",
                "clientSecret": "fabric8"
              }
            },
            {
              "alias" : "github",
              "providerId" : "github",
              "enabled": true,
              "updateProfileFirstLogin" : "true",
              "storeToken" : "true",
              "trustEmail": true,
              "addReadTokenRoleOnCreate" : true,
              "config": {
                "clientSecret": "${GITHUB_OAUTH_CLIENT_SECRET}",
                "clientId": "${GITHUB_OAUTH_CLIENT_ID}",
                "defaultScope": "admin:repo_hook read:org repo user gist",
                "useJwksUrl": "true"
              }
            }
          ],
          "identityProviderMappers" : [
            {
              "name" : "approved",
              "identityProviderAlias" : "openshift-v3",
              "identityProviderMapper" : "hardcoded-attribute-idp-mapper",
              "config" : {
                "attribute.value" : "true",
                "attribute" : "approved"
              }
            },
            {
              "name" : "approved",
              "identityProviderAlias" : "github",
              "identityProviderMapper" : "hardcoded-attribute-idp-mapper",
              "config" : {
                "attribute.value" : "true",
                "attribute" : "approved"
              }
            }
          ]
        }

  # --- DeploymentConfig: Keycloak pod with two init containers -------------
  - apiVersion: v1
    kind: DeploymentConfig
    metadata:
      annotations:
        configmap.fabric8.io/update-on-change: keycloak
        fabric8.io/target-platform: openshift
      labels:
        provider: fabric8
        project: keycloak
        version: 4.0.21
        group: io.fabric8.platform.apps
      name: keycloak
    spec:
      replicas: 1
      strategy:
        rollingParams:
          timeoutSeconds: 7200
        type: Rolling
      template:
        metadata:
          annotations:
            # Init containers, declared through the beta annotation:
            #  1. openshift-ca-pemtokeystore builds a JKS truststore from the
            #     service-account CA files and the Mozilla CA directory.
            #  2. envvar-substitution is given fabric8-realm.json plus the
            #     env below and a /processed volume for its output.
            # NOTE(review): the realm private key and client secret reach the
            # second container as env vars, and the rendered realm file on
            # the keycloak-subst-config emptyDir presumably contains them.
            # NOTE(review): all three images in this pod are referenced by
            # tag only; pin by digest so the running code cannot change
            # under the same tag.
            pod.beta.kubernetes.io/init-containers: |-
              [{
                "name": "openshift-ca-pemtokeystore",
                "image": "jimmidyson/pemtokeystore:v0.2.0",
                "imagePullPolicy": "IfNotPresent",
                "args": [
                  "-keystore", "/tls-keystore/openshift-truststore.jks",
                  "-ca-file", "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt",
                  "-ca-file", "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt",
                  "-ca-dir", "/usr/share/ca-certificates/mozilla"
                ],
                "volumeMounts": [{
                  "name": "keycloak-tls",
                  "mountPath": "/tls-keystore"
                }]
              }, {
                "name": "envvar-substitution",
                "image": "fabric8/envsubst-file:1.0.0",
                "imagePullPolicy": "IfNotPresent",
                "args": [
                  "fabric8-realm.json"
                ],
                "env": [{
                  "name": "WIT_URL",
                  "valueFrom": {
                    "configMapKeyRef": {
                      "name": "keycloak",
                      "key": "wit.api.url"
                    }
                  }
                }, {
                  "name": "KEYCLOAK_URL",
                  "valueFrom": {
                    "configMapKeyRef": {
                      "name": "keycloak",
                      "key": "keycloak.url"
                    }
                  }
                }, {
                  "name": "FABRIC8_URL",
                  "valueFrom": {
                    "configMapKeyRef": {
                      "name": "keycloak",
                      "key": "fabric8.url"
                    }
                  }
                }, {
                  "name": "KEYCLOAK_PRIVATEKEY",
                  "valueFrom": {
                    "secretKeyRef": {
                      "name": "keycloak",
                      "key": "kc.private.key"
                    }
                  }
                }, {
                  "name": "KEYCLOAK_PUBLICKEY",
                  "valueFrom": {
                    "secretKeyRef": {
                      "name": "keycloak",
                      "key": "kc.public.key"
                    }
                  }
                }, {
                  "name": "KEYCLOAK_CLIENTID_SECRET",
                  "valueFrom": {
                    "secretKeyRef": {
                      "name": "keycloak",
                      "key": "kc.clientid.secret"
                    }
                  }
                }, {
                  "name": "K8S_API_SERVER",
                  "valueFrom": {
                    "configMapKeyRef": {
                      "name": "keycloak",
                      "key": "apiserver.url"
                    }
                  }
                }],
                "volumeMounts": [
                  {
                    "name": "keycloak-config",
                    "mountPath": "/workdir/fabric8-realm.json",
                    "subPath": "config/fabric8-realm.json"
                  },
                  {
                    "name": "keycloak-subst-config",
                    "mountPath": "/processed"
                  }
                ]
              }]
          labels:
            provider: fabric8
            project: keycloak
            version: 4.0.21
            group: io.fabric8.platform.apps
        spec:
          containers:
            - args:
                - -b $(INTERNAL_POD_IP)
                - -Djgroups.bind_addr=global
                - -Djboss.node.name=$(INTERNAL_POD_IP)
                - -Djavax.net.ssl.trustStore=/opt/jboss/keycloak/standalone/configuration/tls/openshift-truststore.jks
                # Realm import from the substituted file on every start.
                # OVERWRITE_EXISTING replaces the stored realm each time, so
                # changes made in the admin console (including rotated keys
                # or secrets) are reverted to the manifest values on restart.
                - -Dkeycloak.migration.action=import
                - -Dkeycloak.migration.provider=singleFile
                - -Dkeycloak.migration.file=/opt/jboss/keycloak/standalone/configuration/import/fabric8-realm.json
                - -Dkeycloak.migration.strategy=OVERWRITE_EXISTING
              env:
                - name: POSTGRES_HOSTNAME
                  value: keycloak-db
                # NOTE(review): database user and password are plain literals
                # in the pod spec, visible to anyone who can read the
                # DeploymentConfig. The Secret already defines db.user and
                # db.password; reference them with secretKeyRef once their
                # trailing-newline encoding is confirmed or fixed.
                - name: POSTGRES_USER
                  value: keycloak
                - name: POSTGRES_PASSWORD
                  value: keycloak
                - name: OPERATING_MODE
                  value: standalone
                - name: POSTGRES_PORT_5432_TCP_ADDR
                  value: keycloak-db
                - name: INTERNAL_POD_IP
                  valueFrom:
                    fieldRef:
                      fieldPath: status.podIP
                # Admin console credentials, read from the Secret above.
                - name: KEYCLOAK_USER
                  valueFrom:
                    secretKeyRef:
                      key: kc.user
                      name: keycloak
                - name: KEYCLOAK_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      key: kc.password
                      name: keycloak
                - name: KEYCLOAK_CLIENTID_SECRET
                  valueFrom:
                    secretKeyRef:
                      key: kc.clientid.secret
                      name: keycloak
                - name: KEYCLOAK_PRIVATEKEY
                  valueFrom:
                    secretKeyRef:
                      key: kc.private.key
                      name: keycloak
                - name: KEYCLOAK_PUBLICKEY
                  valueFrom:
                    secretKeyRef:
                      key: kc.public.key
                      name: keycloak
              image: fabric8/keycloak-postgres:v15751c8
              livenessProbe:
                httpGet:
                  path: /auth
                  port: 8080
                initialDelaySeconds: 60
                timeoutSeconds: 10
              name: keycloak
              readinessProbe:
                httpGet:
                  path: /auth
                  port: 8080
                initialDelaySeconds: 10
                timeoutSeconds: 10
              # NOTE(review): no securityContext or resources are set for
              # this container in the manifest.
              volumeMounts:
                - mountPath: /opt/jboss/keycloak/standalone/configuration/tls
                  name: keycloak-tls
                - mountPath: /opt/jboss/keycloak/standalone/configuration/import
                  name: keycloak-subst-config
          volumes:
            - emptyDir: {}
              name: keycloak-tls
            - emptyDir: {}
              name: keycloak-subst-config
            - configMap:
                items:
                  - key: fabric8-realm.json
                    path: config/fabric8-realm.json
                name: keycloak
              name: keycloak-config

  # --- Routes ---------------------------------------------------------------
  # NOTE(review): neither Route has a `tls` stanza, so as written they expose
  # the identity provider (logins, tokens, admin console) over plain HTTP.
  # Add TLS termination on both, and check it against the realm's
  # "sslRequired": "external" setting.
  - apiVersion: v1
    kind: Route
    metadata:
      labels:
        provider: fabric8
        project: keycloak
        version: 4.0.21
        group: io.fabric8.platform.apps
      name: keycloak
    spec:
      to:
        kind: Service
        name: keycloak

  - apiVersion: v1
    kind: Route
    metadata:
      annotations:
        fabric8.io/target-platform: openshift
        service.alpha.openshift.io/dependencies: '[{"name":"keycloak-db","namespace":"","kind":"Service"}]'
      labels:
        expose: "true"
        provider: fabric8
        project: keycloak
        version: 4.0.21
        group: io.fabric8.platform.apps
      name: sso
    spec:
      port:
        targetPort: 8080
      to:
        kind: Service
        name: sso