keycloak

2026-03-17 15:24:24 +01:00
parent 91d0b592ca
commit a294016e84
3 changed files with 114 additions and 0 deletions
--- a/infra/keycloak.yaml
+++ b/infra/keycloak.yaml
@@ -0,0 +1,42 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: keycloak
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+  labels:
+    app.kubernetes.io/name: keycloak
+    app.kubernetes.io/part-of: identity
+    app.kubernetes.io/managed-by: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+
+  sources:
+  - repoURL: https://charts.bitnami.com/bitnami
+    chart: keycloak
+    targetRevision: "25.2.0"
+    helm:
+      releaseName: keycloak
+      valueFiles:
+      - $values/infra/values/keycloak-values.yaml
+
+  - repoURL: git@github.com:fortedigital/sturdy-adventure.git
+    targetRevision: HEAD
+    ref: values
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: keycloak
+
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+    syncOptions:
+    - CreateNamespace=true
+    - Validate=true
+    - ServerSideApply=true
--- a/infra/values/keycloak-values.yaml
+++ b/infra/values/keycloak-values.yaml
@@ -0,0 +1,55 @@
+# Bitnami Keycloak Helm Chart Values
+# Host: id.forteapps.net
+# Chart version: 25.2.0
+
+production: true
+proxyHeaders: xforwarded
+
+auth:
+  adminUser: admin
+  existingSecret: keycloak-credentials
+  passwordSecretKey: admin-password
+
+ingress:
+  enabled: true
+  hostname: id.forteapps.net
+  tls: true
+  ingressClassName: traefik
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+
+resources:
+  requests:
+    cpu: 250m
+    memory: 512Mi
+  limits:
+    cpu: "1"
+    memory: 1Gi
+
+postgresql:
+  enabled: true
+  auth:
+    existingSecret: keycloak-credentials
+    secretKeys:
+      adminPasswordKey: postgres-password
+      userPasswordKey: password
+    username: bn_keycloak
+    database: bitnami_keycloak
+  primary:
+    persistence:
+      size: 8Gi
+
+keycloakConfigCli:
+  enabled: true
+  configuration:
+    forte-realm.json: |
+      {
+        "realm": "forte",
+        "enabled": true,
+        "displayName": "Forte",
+        "sslRequired": "external",
+        "registrationAllowed": false,
+        "loginWithEmailAllowed": true,
+        "resetPasswordAllowed": true,
+        "rememberMe": true
+      }