Add keycloak related files
- add docker stack with network
- add glusterfs bricks
- add keycloak proxy config
Change-Id: If5b0b057c683e3e841352cd4c9e5ad059a93ff29
diff --git a/docker/swarm/network/keycloak_backend.yml b/docker/swarm/network/keycloak_backend.yml
new file mode 100644
index 0000000..5b1c625
--- /dev/null
+++ b/docker/swarm/network/keycloak_backend.yml
@@ -0,0 +1,11 @@
+parameters:
+ _param:
+ docker_keycloak_network_subnet: 10.70.0.0/24
+ docker:
+ client:
+ network:
+ keycloak_backend:
+ subnet: ${_param:docker_keycloak_network_subnet}
+ driver: overlay
+ attachable: true
+
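Review bot: `attachable: true` on `keycloak_backend` lets any standalone container started on a swarm node join the network that carries Keycloak traffic, and nothing in this commit appears to need that. Unless a non-swarm container has to attach, set `attachable: false` or drop the key. Overlay traffic between nodes is also unencrypted unless the network is created with Docker's `encrypted` driver option; whether this formula exposes that option is not visible here. A comment above `docker_keycloak_network_subnet` saying that 10.70.0.0/24 must not overlap other overlay or host ranges would help whoever overrides it.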
diff --git a/docker/swarm/stack/keycloak.yml b/docker/swarm/stack/keycloak.yml
new file mode 100644
index 0000000..0187a08
--- /dev/null
+++ b/docker/swarm/stack/keycloak.yml
@@ -0,0 +1,38 @@
+parameters:
+ _param:
+ docker_keycloak_server_replicas: 3
+ docker_keycloak_proxy_replicas: 1
+ docker_image_keycloak_server: jboss/keycloak:3.4.2.Final
+ docker_image_keycloak_proxy: jboss/keycloak-proxy:3.4.2.h
+ keycloak_bind_port: ${_param:haproxy_keycloak_bind_port}
+ keycloak_proxy_bind_port: ${_param:haproxy_keycloak_proxy_bind_port}
+ docker:
+ client:
+ stack:
+ keycloak:
+ service:
+ keycloak-server:
+ image: ${_param:docker_image_keycloak_server}
+ deploy:
+ replicas: ${_param:docker_keycloak_server_replicas}
+ restart_policy:
+ condition: any
+ ports:
+ - ${_param:haproxy_keycloak_exposed_port}:${_param:keycloak_bind_port}
+ volumes:
+ - /srv/volumes/keycloak/server/:/app
+ keycloak-proxy:
+ image: ${_param:docker_image_keycloak_proxy}
+ deploy:
+ replicas: ${_param:docker_keycloak_proxy_replicas}
+ restart_policy:
+ condition: any
+ ports:
+ - ${_param:haproxy_keycloak_proxy_exposed_port}:${_param:keycloak_proxy_bind_port}
+ volumes:
+ - /srv/volumes/keycloak/proxy/proxy.json:/opt/jboss/conf/proxy.json
+ network:
+ default:
+ external:
+ name: keycloak_backend
+
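Review bot: Both services publish their ports through the `ports` entries (`haproxy_keycloak_exposed_port`, `haproxy_keycloak_proxy_exposed_port`), which in swarm normally makes the routing mesh listen on every node. Keycloak and the proxy would then be reachable over plain HTTP without passing through the HAProxy listener that carries the `ssl` setting. Restrict those ports at the host firewall to the HAProxy nodes, or state that requirement in a comment next to the `ports` keys. Separately, both images are referenced by tag only, and the proxy tag `3.4.2.h` does not follow the format of `3.4.2.Final` and is worth confirming. Pinning by digest would make the deployed image reproducible.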
diff --git a/glusterfs/client/volume/keycloak.yml b/glusterfs/client/volume/keycloak.yml
new file mode 100644
index 0000000..06d6134
--- /dev/null
+++ b/glusterfs/client/volume/keycloak.yml
@@ -0,0 +1,16 @@
+parameters:
+ _param:
+ keycloak_glusterfs_service_host: ${_param:glusterfs_service_host}
+ glusterfs_node01_address: ${_param:cluster_node01_address}
+ glusterfs_node02_address: ${_param:cluster_node02_address}
+ glusterfs_node03_address: ${_param:cluster_node03_address}
+ glusterfs:
+ client:
+ volumes:
+ keycloak:
+ path: /srv/volumes/keycloak
+ server: ${_param:keycloak_glusterfs_service_host}
+ opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
+ user: 1000
+ group: 1000
+
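Review bot: `user: 1000` and `group: 1000` are unexplained numeric ids on the mount that holds all Keycloak state. They presumably match the user the containers run as, but that is not visible here. A comment such as `# uid/gid of the container user that writes to /srv/volumes/keycloak` would stop a later image change from silently breaking write access. The stack file mounts both `server/` and `proxy/proxy.json` from this one volume, so the same uid can read both; note that if the proxy config is expected to hold a client secret.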
diff --git a/glusterfs/server/volume/keycloak.yml b/glusterfs/server/volume/keycloak.yml
new file mode 100644
index 0000000..c8c71f0
--- /dev/null
+++ b/glusterfs/server/volume/keycloak.yml
@@ -0,0 +1,20 @@
+parameters:
+ glusterfs:
+ server:
+ volumes:
+ keycloak:
+ storage: /srv/glusterfs/keycloak
+ replica: 3
+ bricks:
+ - ${_param:cluster_node01_address}:/srv/glusterfs/keycloak
+ - ${_param:cluster_node02_address}:/srv/glusterfs/keycloak
+ - ${_param:cluster_node03_address}:/srv/glusterfs/keycloak
+ options:
+ cluster.readdir-optimize: On
+ nfs.disable: On
+ network.remote-dio: On
+ diagnostics.client-log-level: WARNING
+ diagnostics.brick-log-level: WARNING
+ cluster.favorite-child-policy: mtime
+
+
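Review bot: The `options` map sets no `auth.allow`, so the volume presumably keeps Gluster's default of accepting mounts from any client that can reach the bricks. Because this volume holds Keycloak data and the proxy's `proxy.json`, consider restricting it to the three cluster node addresses. `On` is also written as a bare scalar, which YAML 1.1 loaders read as a boolean rather than the string; quoting it, as in `nfs.disable: 'On'`, keeps the value as written.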
diff --git a/haproxy/proxy/listen/keycloak.yml b/haproxy/proxy/listen/keycloak.yml
new file mode 100644
index 0000000..73697a3
--- /dev/null
+++ b/haproxy/proxy/listen/keycloak.yml
@@ -0,0 +1,71 @@
+parameters:
+ _param:
+ haproxy_keycloak_bind_host: ${_param:haproxy_bind_address}
+ haproxy_keycloak_bind_port: 8086
+ haproxy_keycloak_exposed_port: 18086
+ haproxy_keycloak_ssl:
+ enabled: false
+ haproxy_keycloak_proxy_bind_host: ${_param:haproxy_bind_address}
+ haproxy_keycloak_proxy_bind_port: 8180
+ haproxy_keycloak_proxy_exposed_port: 18180
+ haproxy_keycloak_proxy_ssl:
+ enabled: false
+ haproxy:
+ proxy:
+ listen:
+ keycloak:
+ mode: http
+ options:
+ - forwardfor
+ - httpchk
+ - httpclose
+ - httplog
+ balance: source
+ http_request:
+ - action: "add-header X-Forwarded-Proto https"
+ condition: "if { ssl_fc }"
+ binds:
+ - address: ${_param:haproxy_keycloak_bind_host}
+ port: ${_param:haproxy_keycloak_bind_port}
+ ssl: ${_param:haproxy_keycloak_ssl}
+ servers:
+ - name: ${_param:cluster_node01_name}
+ host: ${_param:cluster_node01_address}
+ port: ${_param:haproxy_keycloak_exposed_port}
+ params: check
+ - name: ${_param:cluster_node02_name}
+ host: ${_param:cluster_node02_address}
+ port: ${_param:haproxy_keycloak_exposed_port}
+ params: backup check
+ - name: ${_param:cluster_node03_name}
+ host: ${_param:cluster_node03_address}
+ port: ${_param:haproxy_keycloak_exposed_port}
+ params: backup check
+ keycloak_proxy:
+ mode: http
+ options:
+ - forwardfor
+ - httpchk
+ - httpclose
+ - httplog
+ balance: source
+ http_request:
+ - action: "add-header X-Forwarded-Proto https"
+ condition: "if { ssl_fc }"
+ binds:
+ - address: ${_param:haproxy_keycloak_proxy_bind_host}
+ port: ${_param:haproxy_keycloak_proxy_bind_port}
+ ssl: ${_param:haproxy_keycloak_proxy_ssl}
+ servers:
+ - name: ${_param:cluster_node01_name}
+ host: ${_param:cluster_node01_address}
+ port: ${_param:haproxy_keycloak_proxy_exposed_port}
+ params: check
+ - name: ${_param:cluster_node02_name}
+ host: ${_param:cluster_node02_address}
+ port: ${_param:haproxy_keycloak_proxy_exposed_port}
+ params: backup check
+ - name: ${_param:cluster_node03_name}
+ host: ${_param:cluster_node03_address}
+ port: ${_param:haproxy_keycloak_proxy_exposed_port}
+ params: backup check
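Review bot: `haproxy_keycloak_ssl` and `haproxy_keycloak_proxy_ssl` both default to `enabled: false`, so out of the box the two listeners accept logins and tokens over plain HTTP. The `X-Forwarded-Proto https` header is then never added, because `ssl_fc` is false. For an identity provider it would be safer to default TLS on, or at least to put a comment above each `*_ssl` parameter saying that deployments must override it with a certificate. The `keycloak` and `keycloak_proxy` sections are otherwise identical apart from the parameter names, which makes them easy to let drift apart.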
diff --git a/keycloak/proxy/application/devops_portal.yml b/keycloak/proxy/application/devops_portal.yml
new file mode 100644
index 0000000..bf09f69
--- /dev/null
+++ b/keycloak/proxy/application/devops_portal.yml
@@ -0,0 +1,13 @@
+parameters:
+ _param:
+ keycloak_proxy_devops_portal_base_path: "/"
+ keycloak:
+ proxy:
+ applications:
+ devops_portal:
+ base_path: "${_param:keycloak_proxy_devops_portal_base_path}"
+ adapter_config:
+ realm: "jaeger"
+ auth_server_url: "http://keycloak/auth"
+ resource: "proxy-jaeger"
+
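Review bot: `auth_server_url` is hard-coded to `http://keycloak/auth`, so the proxy reaches Keycloak over cleartext HTTP. The host name `keycloak` also matches no service in this commit's stack file, where the service is called `keycloak-server`. Make the URL a `_param`, as is done for `base_path`, and confirm that the name resolves on the `keycloak_backend` network. `realm: "jaeger"` and `resource: "proxy-jaeger"` under an application named `devops_portal` look copied from another class and should likewise be parameters or be corrected.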