working keycloak configuration

2025-05-24 14:56:06 +02:00 · 2025-05-24 14:56:06 +02:00 · d50d8b7136
commit d50d8b7136
parent 844533a514
5 changed files with 12 additions and 78 deletions
--- a/haproxy/ingress.yaml
+++ b/haproxy/ingress.yaml
@ -30,8 +30,19 @@ spec:
                  number: 80
    - host: "www.reault.tech"
      http: *http_rules
+    - host: "iam.reault.tech"
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: keycloak-service
+                port:
+                  number: 8080
  tls:
    - secretName: reault-tech-cert # cert-manager will store the certificate and key in this secret
      hosts:
        - www.reault.tech
        - reault.tech
+        - iam.reault.tech
--- a/haproxy/sticky-ingress.yaml
+++ b/haproxy/sticky-ingress.yaml
@ -1,28 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: sticky-ingress-controller
-  annotations:
-    haproxy.org/rate-limit-period: "1m"
-    haproxy.org/rate-limit-requests: "200"
-    haproxy.org/rate-limit-status-code: "429"
-    # add an annotation indicating the issuer to use
-    cert-manager.io/cluster-issuer: letsencrypt
-    cookie-persistence: "example-session-persistence-cookie"
-spec:
-  ingressClassName: haproxy
-  rules:
-    - host: "iam.reault.tech"
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: keycloak-service
-                port:
-                  number: 8080
-  tls:
-    - secretName: reault-tech-cert # cert-manager will store the certificate and key in this secret
-      hosts:
-        - iam.reault.tech
--- a/keycloak/keycloak-crd.yaml
+++ b/keycloak/keycloak-crd.yaml
@ -20,7 +20,7 @@ spec:
    httpsPort: 8443
    tlsSecret: reault-tech-cert
  hostname:
-    hostname: iam.reault.tech
+    hostname: "https://iam.reault.tech"
  proxy:
    headers: xforwarded # double check your reverse proxy sets and overwrites the X-Forwarded-* headers
  resources:
--- a/keycloak/keycloak-deployment.yaml
+++ b/keycloak/keycloak-deployment.yaml
@ -1,37 +0,0 @@
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: keycloak
-  labels:
-    app: keycloak
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: keycloak
-  template:
-    metadata:
-      labels:
-        app: keycloak
-    spec:
-      containers:
-        - name: keycloak
-          image: quay.io/keycloak/keycloak:26.1.3
-          args: ["start-dev"]
-          env:
-            - name: KEYCLOAK_ADMIN
-              value: "admin"
-            - name: KEYCLOAK_ADMIN_PASSWORD
-              value: "admin"
-            - name: KC_PROXY
-              value: "edge"
-            - name: KC_HEALTH_ENABLED
-              value: "true"
-          ports:
-            - name: http
-              containerPort: 8080
-          readinessProbe:
-            httpGet:
-              path: /health/ready
-              port: 9000
--- a/keycloak/keycloak-service.yaml
+++ b/keycloak/keycloak-service.yaml
@ -1,12 +0,0 @@
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: keycloak
-spec:
-  type: ClusterIP
-  selector:
-    app: keycloak
-  ports:
-    - protocol: TCP
-      port: 8080