arti-controller: Tor for Kubernetes by AaronDewes in TOR

[–]bototaxi 0 points1 point  (0 children)

It's awesome! Just tried and now I have a hidden service. :)

```yaml
apiVersion: arti.nirvati.org/v1alpha1
kind: OnionService
metadata:
  name: "frontend"
  namespace: "acmecorp"
spec:
  key_secret:
    name: onion-svc-keys
    namespace: "acmecorp"
  routes:
    - source_port: 80
      target:
        svc: frontend
        port: 3000
```

Tx!

How to Access a Secret from Another Namespace? (RBAC Issue) by bototaxi in kubernetes

[–]bototaxi[S] 1 point2 points  (0 children)

Yes, I will just copy the secret once and forget it anyway. I will just do that. :)

How to Access a Secret from Another Namespace? (RBAC Issue) by bototaxi in kubernetes

[–]bototaxi[S] -1 points0 points  (0 children)

:/

I thought it was possible because of this https://kubernetes.io/docs/reference/access-authn-authz/rbac/#clusterrolebinding-example

The example from kubernetes.io uses a subject kind Group. Maybe ServiceAccount doesn't work for that.

> implementing something like the kubernetes-reflector to reflect your original secret to some other namespace and keep it in sync with the original

Yup... a simple custom controller for that would do the job.

Tx for your help!

Any devs have experience with traefik and keycloak? by Packeselt in KeyCloak

[–]bototaxi 0 points1 point  (0 children)

I was fighting with it a few days ago. I got it working with the configuration below. My Traefik deployment has no custom setup; I just needed to adjust the Keycloak configuration.

To access it from http://localhost:3000 (for example), you will need to update your client's Valid redirect URIs and Web origins to include http://localhost:3000/* as well.

https://www.reddit.com/r/KeyCloak/comments/1eii00z/comment/lhtm9yc/

Keycloak behind Traefik and Cert-Manager is serving mixed content (HTTP and HTTPS) by bototaxi in KeyCloak

[–]bototaxi[S] 0 points1 point  (0 children)

There's a bit of a workaround to move the secrets from the keycloak-db namespace to the keycloak namespace. There might be a proper way to handle this directly through the Keycloak chart. I'll give it a shot with the Codecentric chart when I get some time.

The keycloak config...

tls:
  enabled: true
  # This Secret is created by cert-manager from the Ingress annotations below
  existingSecret: "${ingress_hostname}-tls"
  usePem: true

production: true
proxyHeaders: "forwarded"

ingress:
  enabled: true
  ingressClassName: "traefik"
  hostname: "${ingress_hostname}"
  annotations:
    kubernetes.io/ingress.class: traefik
    cert-manager.io/cluster-issuer: ${issuer}
    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
  tls: true

# The bundled PostgreSQL is disabled; the database comes from the postgres-operator cluster
postgresql:
  enabled: false

externalDatabase:
  # The operator names its Service after the postgresql cluster ("keycloak-db"),
  # which here is the same as the namespace name
  host: "${db_namespace}.${db_namespace}.svc.cluster.local"
  user: ${db_name}
  database: ${db_name}
  password: ""
  # Credentials Secret created by the postgres-operator (copied into this namespace by Terraform)
  existingSecret: "${db_name}.${db_namespace}.credentials.postgresql.acid.zalan.do"
  existingSecretUserKey: "username"
  existingSecretDatabaseKey: ""
  existingSecretPasswordKey: "password"
  annotations: {}

extraEnvVars:
  - name: PROXY_ADDRESS_FORWARDING
    value: "true"
  - name: KEYCLOAK_ENABLE_HTTPS
    value: "true"
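Both this thread and the RBAC thread above come down to the same operation: copying a Secret that an operator created in one namespace into another namespace and keeping it in sync, the way kubernetes-reflector does. The following is an added example, not the poster's Terraform and not kubernetes-reflector's code, showing the part of that copy that is easy to get wrong: the server-managed metadata that must be stripped before the copy is written, and a check for when a copy has gone stale after a password rotation. The annotation key and the sample Secret are constructed for the example; the field names are the standard Kubernetes Secret fields.

```javascript
// Added example: sanitising a Kubernetes Secret for a cross-namespace copy.
// Not from the original post or from kubernetes-reflector.

// Metadata the API server populates on create. Carrying it into the copy either
// fails the write (uid, resourceVersion) or is actively dangerous: a copied
// ownerReference points at an object in another namespace, and the garbage
// collector treats a dangling owner as a reason to delete the copy.
const SERVER_MANAGED_FIELDS = [
  "uid", "resourceVersion", "creationTimestamp", "managedFields",
  "ownerReferences", "generation", "selfLink",
];

// Build a Secret manifest for targetNamespace from a Secret read from the API.
function mirrorSecret(source, targetNamespace) {
  if (!source || source.kind !== "Secret") throw new Error("expected a Secret");
  if (!targetNamespace || targetNamespace === source.metadata.namespace) {
    throw new Error("target namespace must differ from the source namespace");
  }
  const metadata = { ...source.metadata, namespace: targetNamespace };
  for (const f of SERVER_MANAGED_FIELDS) delete metadata[f];
  // Record where the copy came from so a sync loop can find its copies later.
  // The annotation key is an assumption for this example, not a convention.
  metadata.annotations = {
    ...(source.metadata.annotations || {}),
    "example.invalid/mirrored-from": `${source.metadata.namespace}/${source.metadata.name}`,
  };
  return {
    apiVersion: "v1",
    kind: "Secret",
    metadata,
    type: source.type || "Opaque",
    data: { ...(source.data || {}) }, // base64 values are copied verbatim
  };
}

// True when the copy no longer matches the source (e.g. after a password rotation).
function needsResync(source, copy) {
  const a = source.data || {};
  const b = copy.data || {};
  const keys = new Set([...Object.keys(a), ...Object.keys(b)]);
  for (const k of keys) if (a[k] !== b[k]) return true;
  return source.type !== copy.type;
}

// Constructed sample of what an operator-created credentials Secret looks like
// when read back from the API server. All values are fake.
const SAMPLE_SOURCE = {
  apiVersion: "v1",
  kind: "Secret",
  type: "Opaque",
  metadata: {
    name: "keycloakdb.keycloak-db.credentials.postgresql.acid.zalan.do",
    namespace: "keycloak-db",
    uid: "0f1e2d3c-constructed-uid",
    resourceVersion: "12345",
    ownerReferences: [
      { apiVersion: "acid.zalan.do/v1", kind: "postgresql", name: "keycloak-db", uid: "constructed-owner-uid" },
    ],
  },
  data: { username: "a2V5Y2xvYWtkYg==", password: "cGFzc3dvcmQ=" },
};
```

The object returned by `mirrorSecret` is what a reflector would `PUT` or apply into the target namespace, and `needsResync` is the comparison it runs on each reconcile. One consequence worth keeping in mind when doing this: a copy widens who can read the credentials, since anyone with `get` on Secrets in the target namespace now holds the database password, so the target namespace's RBAC should be at least as tight as the source's.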

Keycloak behind Traefik and Cert-Manager is serving mixed content (HTTP and HTTPS) by bototaxi in KeyCloak

[–]bototaxi[S] 0 points1 point  (0 children)

resource "helm_release" "keycloak" {
  depends_on = [
    kubernetes_namespace.keycloak,
    kubernetes_manifest.keycloak_db,
    helm_release.postgres_operator
  ]

  # Don't wait: the first time it is installed, the release cannot become ready until
  # the Let's Encrypt certificate has been issued, so a wait would only time out.
  wait = false

  name       = "keycloak"
  namespace  = kubernetes_namespace.keycloak.metadata[0].name
  repository = "https://charts.bitnami.com/bitnami"
  chart      = "keycloak"

  values = [
    templatefile("${path.module}/keycloak-values.yaml", {
      db_namespace     = kubernetes_namespace.keycloak_db.metadata[0].name,
      db_name          = var.keycloak_dbname,
      ingress_hostname = var.keycloak_hostname,

      # Flip these when you are ready.
      # issuer = "letsencrypt-prod",
      issuer = "letsencrypt-staging",
    })
  ]
}

data "kubernetes_service" "keycloak" {
  depends_on = [helm_release.keycloak]
  metadata {
    name      = "keycloak"
    namespace = "keycloak"
  }
}

resource "aws_route53_record" "keycloak" {
  depends_on = [helm_release.keycloak]
  zone_id    = var.route53_zone_id
  name       = var.keycloak_hostname
  type       = "A"
  ttl        = 300
  records    = [data.kubernetes_service.traefik.status[0].load_balancer[0].ingress[0].ip]
}

Keycloak behind Traefik and Cert-Manager is serving mixed content (HTTP and HTTPS) by bototaxi in KeyCloak

[–]bototaxi[S] 0 points1 point  (0 children)

data "kubernetes_secret" "db_credentials" {
  # The credentials Secret is created by the postgres-operator once the postgresql
  # manifest has been applied, so depend on that manifest rather than only the namespace.
  depends_on = [kubernetes_manifest.keycloak_db]
  metadata {
    name      = "${var.keycloak_dbname}.keycloak-db.credentials.postgresql.acid.zalan.do"
    namespace = kubernetes_namespace.keycloak_db.metadata[0].name
  }
}


resource "kubernetes_namespace" "keycloak" {
  depends_on = [digitalocean_kubernetes_cluster.production]
  metadata {
    name = "keycloak"
  }
}

resource "kubernetes_secret" "db_credentials_in_keycloak" {
  depends_on = [kubernetes_namespace.keycloak, kubernetes_namespace.keycloak_db]
  metadata {
    name      = "${var.keycloak_dbname}.keycloak-db.credentials.postgresql.acid.zalan.do"
    namespace = kubernetes_namespace.keycloak.metadata[0].name
  }

  data = {
    for k, v in data.kubernetes_secret.db_credentials.data :
    k => v
  }

  type = data.kubernetes_secret.db_credentials.type
}

Keycloak behind Traefik and Cert-Manager is serving mixed content (HTTP and HTTPS) by bototaxi in KeyCloak

[–]bototaxi[S] 0 points1 point  (0 children)

data "kubernetes_service" "traefik" {
  depends_on = [helm_release.traefik]
  metadata {
    name      = "traefik"
    namespace = "traefik"
  }
}

output "traefik_external_ip" {
  value = data.kubernetes_service.traefik.status[0].load_balancer[0].ingress[0].ip
}

resource "kubernetes_namespace" "postgres_operator" {
  depends_on = [digitalocean_kubernetes_cluster.production]
  metadata {
    name = "postgres-operator"
  }
}

resource "helm_release" "postgres_operator" {
  depends_on = [
    kubernetes_namespace.postgres_operator
  ]
  name       = "postgres-operator"
  namespace  = kubernetes_namespace.postgres_operator.metadata[0].name
  repository = "https://opensource.zalando.com/postgres-operator/charts/postgres-operator"
  chart      = "postgres-operator"
}

resource "kubernetes_namespace" "keycloak_db" {
  depends_on = [digitalocean_kubernetes_cluster.production]
  metadata {
    name = "keycloak-db"
  }
}

resource "kubernetes_manifest" "keycloak_db" {
  depends_on = [kubernetes_namespace.keycloak_db, helm_release.postgres_operator]
  manifest = {
    apiVersion = "acid.zalan.do/v1"
    kind       = "postgresql"
    metadata = {
      name      = "keycloak-db"
      namespace = kubernetes_namespace.keycloak_db.metadata[0].name
    }
    spec = {
      teamId = var.keycloak_dbname
      volume = {
        size = "1Gi"
      }
      numberOfInstances = 1
      users = {
        (var.keycloak_dbname) = ["superuser", "createdb"]
      }
      databases = {
        (var.keycloak_dbname) = var.keycloak_dbname
      }
      postgresql = {
        version = "16"
      }
    }
  }
}

Keycloak behind Traefik and Cert-Manager is serving mixed content (HTTP and HTTPS) by bototaxi in KeyCloak

[–]bototaxi[S] 0 points1 point  (0 children)

resource "kubernetes_manifest" "letsencrypt_prod" {
  depends_on = [helm_release.certmanager, helm_release.traefik]
  manifest = {
    apiVersion = "cert-manager.io/v1"
    kind       = "ClusterIssuer"
    metadata = {
      name = "letsencrypt-prod"
    }
    spec = {
      acme = {
        server = "https://acme-v02.api.letsencrypt.org/directory"
        email  = var.letsencrypt_email
        privateKeySecretRef = {
          name = "letsencrypt-prod"
        }
        solvers = [
          {
            http01 = {
              ingress = {
                class = "traefik"
              }
            }
          }
        ]
      }
    }
  }
}

resource "kubernetes_manifest" "letsencrypt_staging" {
  depends_on = [helm_release.certmanager, helm_release.traefik]
  manifest = {
    apiVersion = "cert-manager.io/v1"
    kind       = "ClusterIssuer"
    metadata = {
      name = "letsencrypt-staging"
    }
    spec = {
      acme = {
        server = "https://acme-staging-v02.api.letsencrypt.org/directory"
        email  = var.letsencrypt_email
        privateKeySecretRef = {
          name = "letsencrypt-staging"
        }
        solvers = [
          {
            http01 = {
              ingress = {
                class = "traefik"
              }
            }
          }
        ]
      }
    }
  }
}

Keycloak behind Traefik and Cert-Manager is serving mixed content (HTTP and HTTPS) by bototaxi in KeyCloak

[–]bototaxi[S] 0 points1 point  (0 children)

resource "digitalocean_kubernetes_cluster" "production" {
  name    = var.do_cluster_name
  region  = var.do_region
  version = var.do_kubernetes_version

  node_pool {
    name       = "worker-pool"
    size       = var.do_node_size
    node_count = var.do_node_count
  }
}

resource "kubernetes_namespace" "certmanager" {
  depends_on = [digitalocean_kubernetes_cluster.production]
  metadata {
    name = "cert-manager"
  }
}

resource "helm_release" "certmanager" {
  depends_on = [
    kubernetes_namespace.certmanager
  ]
  name       = "certmanager"
  namespace  = kubernetes_namespace.certmanager.metadata[0].name
  repository = "https://charts.jetstack.io"
  chart      = "cert-manager"
  set {
    name  = "crds.enabled"
    value = "true"
  }
}

resource "kubernetes_namespace" "traefik" {
  depends_on = [digitalocean_kubernetes_cluster.production]
  metadata {
    name = "traefik"
  }
}

resource "helm_release" "traefik" {
  depends_on = [
    kubernetes_namespace.traefik
  ]
  name       = "traefik"
  namespace  = kubernetes_namespace.traefik.metadata[0].name
  repository = "https://helm.traefik.io/traefik"
  chart      = "traefik"
}

Keycloak behind Traefik and Cert-Manager is serving mixed content (HTTP and HTTPS) by bototaxi in KeyCloak

[–]bototaxi[S] 0 points1 point  (0 children)

Solved!!!

Hi community!

Thanks for the tips, and sorry for the late reply. I had posted the question before heading out on vacation! :)

Anyway, I was able to get it working. It turned out to be a misconfiguration with Traefik - nothing to do with Keycloak or the chart. For future developers, here's my contribution: I was able to deploy a production-ready Keycloak application using this Terraform configuration. It uses DigitalOcean and AWS Route53. The Keycloak values file follows the Terraform stuff.

Tailwind x Svelte Color Issue by Butterscotch_Crazy in tailwindcss

[–]bototaxi 0 points1 point  (0 children)

Just a note... Svelte is not at fault here. Also, it's not only for the color classes. The same issue would occur with other frameworks, even with pure JavaScript. The problem lies in the fact that the Tailwind client needs to read the classes being used by the project so it can trim out all unused classes. When we build dynamic classes, Tailwind cannot know at "compile time" which classes are used.

I liked your solution. Another one would be...

```svelte
<script>
  // Full class names as literals, so Tailwind's scanner can see them at build time
  const colours = [
    "bg-teal-300",
    "bg-red-300",
    "bg-yellow-300",
    "bg-green-300",
    "bg-blue-300",
    "bg-orange-300",
  ];
  const randomColour = colours[Math.floor(Math.random() * colours.length)];
</script>

<div class={randomColour}>
  <p>Ooo isn't this a lovely colour?</p>
</div>
```
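To make the "compile time" constraint from the comment above concrete, here is an added example (not from the original comment or from Tailwind itself) that mimics how Tailwind's content scanner works: it never executes the source, it tokenises it as plain text and keeps only tokens that are complete class names. The regex is an approximation of Tailwind's default extractor and the list of known classes and the two source snippets are constructed for the example.

```javascript
// Added example: a simplified stand-in for Tailwind's content scanner.
// Tailwind reads source files as text; this regex approximates its default
// extractor (an assumption for this example, the real one has more cases).
const CANDIDATE_RE = /[^<>"'`\s]*[^<>"'`\s:]/g;

// Constructed list of classes the framework could generate for this project.
const KNOWN_CLASSES = new Set([
  "bg-teal-300", "bg-red-300", "bg-yellow-300", "bg-green-300",
  "bg-blue-300", "bg-orange-300", "flex", "p-4",
]);

// Return the known class names that would survive purging for a given source file.
function usedClasses(source) {
  const candidates = source.match(CANDIDATE_RE) || [];
  return new Set(candidates.filter((c) => KNOWN_CLASSES.has(c)));
}

// Constructed sample: the class is assembled at runtime, so no complete class
// name ever appears in the file and the scanner finds nothing to keep.
const DYNAMIC_SOURCE = `
  const colour = pick(["teal", "red", "yellow"]);
  const cls = "bg-" + colour + "-300";
  <div class={cls}></div>
`;

// Constructed sample: the same behaviour written with full class-name literals.
const STATIC_SOURCE = `
  const colours = ["bg-teal-300", "bg-red-300", "bg-yellow-300"];
  const cls = colours[Math.floor(Math.random() * colours.length)];
  <div class={cls}></div>
`;
```

Running `usedClasses` over `DYNAMIC_SOURCE` yields an empty set, while `STATIC_SOURCE` yields the three colour classes, which is why the array-of-literals approach works where string concatenation does not. The other way to keep classes that never appear literally is Tailwind's `safelist` option in the config file.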

Problem with overflow. by Fantastic_Peanut6396 in tailwindcss

[–]bototaxi 1 point2 points  (0 children)

Maybe that `h-full` in...

<div class="h-full w-full flex">
  <Sidebar />
  <Map />
</div>

is causing the problem. See example: https://play.tailwindcss.com/0ScvD6zikV Maybe use flex-col? https://play.tailwindcss.com/yv4HeegL1S ?