(keycloak) progress for #1341

cluster/apps/auth/kustomization.yaml

@@ -2,5 +2,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  #- realms
+  # - realms
   - authentik

cluster/apps/auth/realms/bloopysphere/db/README.md

@@ -1,3 +1,5 @@
 # Database
 
-For this instance I am using [cloudnative-pg](https://github.com/cloudnative-pg/cloudnative-pg) for the postgres database. The backing storage will just be `local-path` as it is kind of wasteful to use ceph for backing storage since the cnpg operator will be replicating it anyway. Backups will be done into a ceph-rgw object-store. For this an `ObjectBucketClaim` is created. The `rook-ceph-operator` will provision the bucket and then add a configMap and secret to the bucket namespace which will contain credentials that can be used by the backup process. See [ObjectBucketClaim Documentation](https://rook.io/docs/rook/v1.9/Storage-Configuration/Object-Storage-RGW/ceph-object-bucket-claim/)
+For this instance I am using [cloudnative-pg](https://github.com/cloudnative-pg/cloudnative-pg) for the postgres database. The backing storage will just be `local-path` as it is kind of wasteful to use ceph for backing storage since the cnpg operator will be replicating it anyway.
+
+ Backups will be done into a ceph-rgw object-store. For this an `ObjectBucketClaim` is created. The `rook-ceph-operator` will provision the bucket and then add a configMap and secret to the bucket namespace which will contain credentials that can be used by the backup process. See [ObjectBucketClaim Documentation](https://rook.io/docs/rook/v1.9/Storage-Configuration/Object-Storage-RGW/ceph-object-bucket-claim/)

cluster/apps/auth/realms/bloopysphere/db/alerts/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./prometheus-rule.yaml

cluster/apps/auth/realms/bloopysphere/db/kustomization.yaml → cluster/apps/auth/realms/bloopysphere/db/backup/kustomization.yaml

@@ -4,6 +4,3 @@ kind: Kustomization
 resources:
   - ./obc-backup-v1.yaml
   - ./backup-schedule.yaml
-  - ./secret.sops.yaml
-  # - ./prometheus-rule.yaml
-  # - ./cnpg-v15.yaml

cluster/apps/auth/realms/bloopysphere/db/cluster/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./cnpg-v15.yaml

cluster/apps/auth/realms/bloopysphere/db/config/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./secret.sops.yaml

cluster/apps/auth/realms/bloopysphere/db/ks.yaml

@@ -0,0 +1,95 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: cluster-iam-keycloak-db-config
+  namespace: flux-system
+  labels:
+    substitution.flux.home.arpa/enabled: "false"
+spec:
+  interval: 10m
+  path: "./cluster/apps/auth/realms/bloopysphere/db/config"
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: true
+  healthChecks:
+    - apiVersion: v1
+      kind: Secret
+      name: kc-postgres-user
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: cluster-iam-keycloak-db-backup
+  namespace: flux-system
+  labels:
+    substitution.flux.home.arpa/enabled: "false"
+spec:
+  interval: 10m
+  path: "./cluster/apps/auth/realms/bloopysphere/db/backup"
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: true
+  dependsOn:
+    - name: cluster-core-rook-ceph-cluster
+    - name: cluster-apps-cloudnative-pg
+  healthChecks:
+    - apiVersion: objectbucket.io/v1alpha1
+      kind: ObjectBucketClaim
+      name: cnpg-kc-backup-v1
+    - apiVersion: postgresql.cnpg.io/v1
+      kind: ScheduledBackup
+      name: backup-schedule-kc-postgres-v1
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: cluster-iam-keycloak-db-cluster
+  namespace: flux-system
+  labels:
+    substitution.flux.home.arpa/enabled: "false"
+spec:
+  interval: 10m
+  path: "./cluster/apps/auth/realms/bloopysphere/db/cluster"
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: true
+  dependsOn:
+    - name: cluster-apps-cloudnative-pg
+    - name: cluster-apps-local-path-provisioner
+    - name: cluster-iam-keycloak-db-config
+    # Needed for rook-ceph bucket credentials
+    - name: cluster-iam-keycloak-db-backup
+  healthChecks:
+    - apiVersion: postgresql.cnpg.io/v1
+      kind: Cluster
+      name: kc-postgres
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: cluster-iam-keycloak-db-alerts
+  namespace: flux-system
+  labels:
+    substitution.flux.home.arpa/enabled: "false"
+spec:
+  interval: 10m
+  path: "./cluster/apps/auth/realms/bloopysphere/db/alerts"
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: true
+  dependsOn:
+    - name: kube-prometheus-stack-crds
+    - name: cluster-iam-keycloak-db-cluster
+  healthChecks:
+    - apiVersion: monitoring.coreos.com/v1
+      kind: PrometheusRule
+      name: kc-cnpg-rules

cluster/apps/auth/realms/bloopysphere/keycloak.yaml → cluster/apps/auth/realms/bloopysphere/keycloak/instance/keycloak.yaml

@@ -2,7 +2,8 @@
 apiVersion: k8s.keycloak.org/v2alpha1
 kind: Keycloak
 metadata:
-  name: example-kc
+  name: kc-instance
+  namespace: auth
 spec:
   instances: 1
   db:

cluster/apps/auth/realms/bloopysphere/keycloak/instance/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./keycloak.yaml

cluster/apps/auth/realms/bloopysphere/keycloak/ks.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: cluster-iam-keycloak-instance
+  namespace: flux-system
+  labels:
+    substitution.flux.home.arpa/enabled: "true"
+spec:
+  interval: 10m
+  path: "./cluster/apps/auth/realms/bloopysphere/instance"
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: true
+  dependsOn:
+    - name: cluster-iam-keycloak-db-cluster
+  healthChecks:
+    - apiVersion: k8s.keycloak.org/v2alpha1
+      kind: Keycloak
+      name: kc-instance

cluster/apps/auth/realms/bloopysphere/kustomization.yaml

@@ -3,4 +3,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   # - ./certificate.yaml
-  - ./db
+  - ./db/ks.yaml
+  - ./keycloak/ks.yaml

cluster/apps/monitoring/snmp-exporter/synology-nas/helm-release.yaml

@@ -53,3 +53,10 @@ spec:
       relabelings:
         - sourceLabels: [__param_target]
           targetLabel: instance
+    resources:
+      requests:
+        cpu: 15m
+        memory: 64M
+      limits:
+        cpu: 73m
+        memory: 76M

cluster/core/monitoring/kube-prometheus-stack/prometheus-values.yaml

@@ -43,7 +43,7 @@ prometheus:
   prometheusSpec:
     resources:
       requests:
-        memory: 3250Mi
+        memory: 4Gi
         cpu: 250m
       limits:
         memory: 8200Mi