diff --git a/.drone.yml b/.drone.yml
index c0d2577..8e3129e 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,16 +1,21 @@
 ---
 kind: pipeline
-name: default
+name: deploy to swarm.autonomic.zone
 steps:
- - name: Deploy Keycloak with Dokku
- image: appleboy/drone-git-push:0.2.0-linux-amd64
+ - name: deployment
+ image: decentral1se/drone-stack:19.03.8
 settings:
- remote: ssh://dokku@dokku.autonomic.zone:222/keycloak
- ssh_key:
- from_secret: drone_deploy_key
+ compose: compose.yml
+ host: tcp://swarm.autonomic.zone:2376
+ stack_name: keycloak
+ tlsverify: true
+ environment:
+ PLUGIN_CACERT:
+ from_secret: docker_cacert
+ PLUGIN_CERT:
+ from_secret: docker_cert
+ PLUGIN_KEY:
+ from_secret: docker_key
 trigger:
 branch:
 - master
- event:
- exclude:
- - pull_request
diff --git a/.envrc.sample b/.envrc.sample
deleted file mode 100644
index cfe67cc..0000000
--- a/.envrc.sample
+++ /dev/null
@@ -1,2 +0,0 @@
-# The path to our pass credentials store
-export PASSWORD_STORE_DIR=$(pwd)/../infrastructure/credentials/password-store
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 9c89e05..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,3 +0,0 @@
-FROM jboss/keycloak:9.0.2
-
-EXPOSE 8080
diff --git a/README.md b/README.md
index 6918b1f..482750f 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,5 @@
-# keycloak
+# id.autonomic.zone
-[![Build Status](https://drone.autonomic.zone/api/badges/autonomic-cooperative/keycloak/status.svg)](https://drone.autonomic.zone/autonomic-cooperative/keycloak)
-
-> https://keycloak.org
+[![Build Status](https://drone.autonomic.zone/api/badges/autonomic-cooperative/id.autonomic.zone/status.svg)](https://drone.autonomic.zone/autonomic-cooperative/id.autonomic.zone)
 > https://id.autonomic.zone
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..a3a74c9
--- /dev/null
+++ b/compose.yml
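Review bot: Dropping the `event: exclude: - pull_request` filter from `trigger` in .drone.yml means this pipeline, whose only step deploys the `keycloak` stack to `tcp://swarm.autonomic.zone:2376`, now also matches pull requests that target `master`. Whether `docker_cacert`, `docker_cert` and `docker_key` are injected into such a build depends on how each secret is configured in Drone, so the outcome ranges from a failing build to a deploy of unmerged code with the swarm's TLS client key in the build environment. I would limit the trigger to pushes with `event: [push]` under `trigger:`, or keep the old exclusion. The plugin image receives that client key and is referenced by tag only; pinning it by digest (`decentral1se/drone-stack:19.03.8@sha256:<digest-placeholder>`) keeps a re-tagged image from running with it, and the same applies to the two images in compose.yml.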
@@ -0,0 +1,66 @@
+---
+version: "3.8"
+
+services:
+ keycloak:
+ image: "jboss/keycloak:9.0.2"
+ networks:
+ - proxy
+ - internal
+ secrets:
+ - admin_passwd
+ - db_passwd
+ environment:
+ - DB_ADDR=mariadb
+ - DB_DATABASE=keycloak
+ - DB_PASSWORD_FILE=/run/secrets/db_passwd
+ - DB_USER=keycloak
+ - DB_VENDOR=mariadb
+ - KEYCLOAK_PASSWORD_FILE=/run/secrets/admin_passwd
+ - KEYCLOAK_USER=autonomic
+ - PROXY_ADDRESS_FORWARDING=true
+ depends_on:
+ - mariadb
+ deploy:
+ update_config:
+ failure_action: rollback
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.keycloak.rule=Host(`id.autonomic.zone`)"
+ - "traefik.http.routers.keycloak.entrypoints=web-secure"
+ - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
+ - "traefik.http.routers.keycloak.tls.certresolver=production"
+
+ mariadb:
+ image: "mariadb:10.5"
+ environment:
+ - MYSQL_DATABASE=keycloak
+ - MYSQL_USER=keycloak
+ - MYSQL_PASSWORD_FILE=/run/secrets/db_passwd
+ - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_passwd
+ secrets:
+ - db_passwd
+ - db_root_passwd
+ volumes:
+ - "mariadb:/var/lib/mysql"
+ networks:
+ - internal
+
+networks:
+ internal:
+ proxy:
+ external: true
+
+secrets:
+ admin_passwd:
+ name: keycloak_admin_passwd_v1
+ external: true
+ db_passwd:
+ name: keycloak_db_passwd_v1
+ external: true
+ db_root_passwd:
+ name: keycloak_db_root_passwd_v1
+ external: true
+
+volumes:
+ mariadb:
diff --git a/deploy.d/config.yml b/deploy.d/config.yml
deleted file mode 100644
index 6d15f8f..0000000
--- a/deploy.d/config.yml
+++ /dev/null
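Review bot: The `keycloak` router in compose.yml matches on the host `id.autonomic.zone` only, so every path the container serves on port 8080, presumably including Keycloak's admin console and admin REST API, is published on `web-secure` next to the login endpoints, with the bootstrap account `KEYCLOAK_USER=autonomic` guarding it. If administration is not meant to be reachable from the internet, route `/auth/admin` through a separate router with a source-address allow-list middleware, or at least state in a comment above the labels that the exposure is intentional. Also, the service joins both `proxy` and `internal`, and Traefik may pick either network's address for the backend; unless the Traefik provider configuration (not visible here) already sets a default network, add `- "traefik.docker.network=proxy"` to the labels.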
@@ -1,20 +0,0 @@
----
-vars:
- port: "8080"
- domain: "id.autonomic.zone"
-
-db:
- - type: "mariadb"
- passwd: "{{ vault.db_passwd }}"
- root_passwd: "{{ vault.root_db_passwd }}"
-
-env:
- DB_ADDR: "{{ dokku.mariadb_addr }}"
- DB_DATABASE: "keycloak"
- DB_PASSWORD: "{{ vault.db_passwd }}"
- DB_USER: "{{ dokku.mariadb_user }}"
- DB_VENDOR: "mariadb"
- DOKKU_LETSENCRYPT_EMAIL: "helo@autonomic.zone"
- KEYCLOAK_PASSWORD: "{{ vault.autonomic_admin_pass }}"
- KEYCLOAK_USER: "autonomic"
- PROXY_ADDRESS_FORWARDING: "true"
diff --git a/deploy.d/vault/autonomic_admin_pass.yml b/deploy.d/vault/autonomic_admin_pass.yml
deleted file mode 100644
index 01cc22f..0000000
--- a/deploy.d/vault/autonomic_admin_pass.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-autonomic_admin_pass: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 35303431663632323539653636353862383432626466376263666238346263663839396638333162
- 3661306338336635653936386335646665623332376330370a363039323662616432366132316135
- 32343839356631383832366638326661323661623033343338306336313639376664373931313364
- 3732653332646462630a366563633737303934656561343461633630613666306634646433373465
- 35373966653563303664336231643134653866653135363537383230383262353634356165613631
- 3136333437386635656234386432316466386566626238333161
diff --git a/deploy.d/vault/db_passwd.yml b/deploy.d/vault/db_passwd.yml
deleted file mode 100644
index ab397c3..0000000
--- a/deploy.d/vault/db_passwd.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-db_passwd: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 65626261633661356263353564376431633962663461353261316534306635376137393164393036
- 3163373239316364646165656666626462616434346365640a313832663133636132376330623132
- 30313534333135386336373566376634326339303233653336383665346463333037643265663537
- 3135333366313433340a643565653265363531633561306163303938323731393133326165336639
- 37396330363062326465386163373733653165623961626537336139633663326630666462386262
- 3463376239386531313534653834326637386635643961306436
diff --git a/deploy.d/vault/root_db_passwd.yml b/deploy.d/vault/root_db_passwd.yml
deleted file mode 100644
index 778d8d2..0000000
--- a/deploy.d/vault/root_db_passwd.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-root_db_passwd: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 66626439333936646661366235393638343639393730633435643166666331376432616632343330
- 3564313661336331356661343465666462376430366234650a616561333233633631333135333865
- 64343963346537353534663134306466336531383037636132646662626163313061333435646661
- 3335623563616438650a366666323631383039656632333862383836313739383361333864633962
- 35303435396237346230393431363030666536646361643566636534613063376532626434653731
- 6334346166646231666165623462666638646236613133656330