Migrate to swarm configuration

2020-06-22 13:25:41 +02:00 · 2020-06-22 13:25:41 +02:00 · 305ec20d27
commit 305ec20d27
parent d9c479d67f
9 changed files with 82 additions and 65 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -1,16 +1,21 @@
 ---
 kind: pipeline
-name: default
+name: deploy to swarm.autonomic.zone
 steps:
-  - name: Deploy Keycloak with Dokku
-    image: appleboy/drone-git-push:0.2.0-linux-amd64
+  - name: deployment
+    image: decentral1se/drone-stack:19.03.8
    settings:
-      remote: ssh://dokku@dokku.autonomic.zone:222/keycloak
-      ssh_key:
-        from_secret: drone_deploy_key
+      compose: compose.yml
+      host: tcp://swarm.autonomic.zone:2376
+      stack_name: keycloak
+      tlsverify: true
+    environment:
+      PLUGIN_CACERT:
+        from_secret: docker_cacert
+      PLUGIN_CERT:
+        from_secret: docker_cert
+      PLUGIN_KEY:
+        from_secret: docker_key
 trigger:
  branch:
    - master
-  event:
-    exclude:
-      - pull_request
--- a/.envrc.sample
+++ b/.envrc.sample
@ -1,2 +0,0 @@
-# The path to our pass credentials store
-export PASSWORD_STORE_DIR=$(pwd)/../infrastructure/credentials/password-store
--- a/3
+++ b/3
@ -1,3 +0,0 @@
-FROM jboss/keycloak:9.0.2
-
-EXPOSE 8080
--- a/README.md
+++ b/README.md
@ -1,7 +1,5 @@
-# keycloak
+# id.autonomic.zone

-[![Build Status](https://drone.autonomic.zone/api/badges/autonomic-cooperative/keycloak/status.svg)](https://drone.autonomic.zone/autonomic-cooperative/keycloak)
-
-> https://keycloak.org
+[![Build Status](https://drone.autonomic.zone/api/badges/autonomic-cooperative/id.autonomic.zone/status.svg)](https://drone.autonomic.zone/autonomic-cooperative/id.autonomic.zone)

 > https://id.autonomic.zone
--- a/compose.yml
+++ b/compose.yml
@ -0,0 +1,66 @@
+---
+version: "3.8"
+
+services:
+  keycloak:
+    image: "jboss/keycloak:9.0.2"
+    networks:
+      - proxy
+      - internal
+    secrets:
+      - admin_passwd
+      - db_passwd
+    environment:
+      - DB_ADDR=mariadb
+      - DB_DATABASE=keycloak
+      - DB_PASSWORD_FILE=/run/secrets/db_passwd
+      - DB_USER=keycloak
+      - DB_VENDOR=mariadb
+      - KEYCLOAK_PASSWORD_FILE=/run/secrets/admin_passwd
+      - KEYCLOAK_USER=autonomic
+      - PROXY_ADDRESS_FORWARDING=true
+    depends_on:
+      - mariadb
+    deploy:
+      update_config:
+        failure_action: rollback
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.keycloak.rule=Host(`id.autonomic.zone`)"
+        - "traefik.http.routers.keycloak.entrypoints=web-secure"
+        - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
+        - "traefik.http.routers.keycloak.tls.certresolver=production"
+
+  mariadb:
+    image: "mariadb:10.5"
+    environment:
+      - MYSQL_DATABASE=keycloak
+      - MYSQL_USER=keycloak
+      - MYSQL_PASSWORD_FILE=/run/secrets/db_passwd
+      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_passwd
+    secrets:
+      - db_passwd
+      - db_root_passwd
+    volumes:
+      - "mariadb:/var/lib/mysql"
+    networks:
+      - internal
+
+networks:
+  internal:
+  proxy:
+    external: true
+
+secrets:
+  admin_passwd:
+    name: keycloak_admin_passwd_v1
+    external: true
+  db_passwd:
+    name: keycloak_db_passwd_v1
+    external: true
+  db_root_passwd:
+    name: keycloak_db_root_passwd_v1
+    external: true
+
+volumes:
+  mariadb:
--- a/deploy.d/config.yml
+++ b/deploy.d/config.yml
@ -1,20 +0,0 @@
---
-vars:
-  port: "8080"
-  domain: "id.autonomic.zone"
-
-db:
-  - type: "mariadb"
-    passwd: "{{ vault.db_passwd }}"
-    root_passwd: "{{ vault.root_db_passwd }}"
-
-env:
-  DB_ADDR: "{{ dokku.mariadb_addr }}"
-  DB_DATABASE: "keycloak"
-  DB_PASSWORD: "{{ vault.db_passwd }}"
-  DB_USER: "{{ dokku.mariadb_user }}"
-  DB_VENDOR: "mariadb"
-  DOKKU_LETSENCRYPT_EMAIL: "helo@autonomic.zone"
-  KEYCLOAK_PASSWORD: "{{ vault.autonomic_admin_pass }}"
-  KEYCLOAK_USER: "autonomic"
-  PROXY_ADDRESS_FORWARDING: "true"
--- a/deploy.d/vault/autonomic_admin_pass.yml
+++ b/deploy.d/vault/autonomic_admin_pass.yml
@ -1,9 +0,0 @@
---
-autonomic_admin_pass: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  35303431663632323539653636353862383432626466376263666238346263663839396638333162
-  3661306338336635653936386335646665623332376330370a363039323662616432366132316135
-  32343839356631383832366638326661323661623033343338306336313639376664373931313364
-  3732653332646462630a366563633737303934656561343461633630613666306634646433373465
-  35373966653563303664336231643134653866653135363537383230383262353634356165613631
-  3136333437386635656234386432316466386566626238333161
--- a/deploy.d/vault/db_passwd.yml
+++ b/deploy.d/vault/db_passwd.yml
@ -1,9 +0,0 @@
---
-db_passwd: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  65626261633661356263353564376431633962663461353261316534306635376137393164393036
-  3163373239316364646165656666626462616434346365640a313832663133636132376330623132
-  30313534333135386336373566376634326339303233653336383665346463333037643265663537
-  3135333366313433340a643565653265363531633561306163303938323731393133326165336639
-  37396330363062326465386163373733653165623961626537336139633663326630666462386262
-  3463376239386531313534653834326637386635643961306436
--- a/deploy.d/vault/root_db_passwd.yml
+++ b/deploy.d/vault/root_db_passwd.yml
@ -1,9 +0,0 @@
---
-root_db_passwd: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  66626439333936646661366235393638343639393730633435643166666331376432616632343330
-  3564313661336331356661343465666462376430366234650a616561333233633631333135333865
-  64343963346537353534663134306466336531383037636132646662626163313061333435646661
-  3335623563616438650a366666323631383039656632333862383836313739383361333864633962
-  35303435396237346230393431363030666536646361643566636534613063376532626434653731
-  6334346166646231666165623462666638646236613133656330