Migrate to swarm configuration

Luke Murphy 2020-06-22 13:25:41 +02:00
parent d9c479d67f
commit 305ec20d27
No known key found for this signature in database
GPG Key ID: 5E2EF5A63E3718CC
9 changed files with 82 additions and 65 deletions


@ -1,16 +1,21 @@
--- ---
kind: pipeline kind: pipeline
name: default name: deploy to swarm.autonomic.zone
steps: steps:
- name: Deploy Keycloak with Dokku - name: deployment
image: appleboy/drone-git-push:0.2.0-linux-amd64 image: decentral1se/drone-stack:19.03.8
settings: settings:
remote: ssh://dokku@dokku.autonomic.zone:222/keycloak compose: compose.yml
ssh_key: host: tcp://swarm.autonomic.zone:2376
from_secret: drone_deploy_key stack_name: keycloak
tlsverify: true
environment:
PLUGIN_CACERT:
from_secret: docker_cacert
PLUGIN_CERT:
from_secret: docker_cert
PLUGIN_KEY:
from_secret: docker_key
trigger: trigger:
branch: branch:
- master - master
event:
exclude:
- pull_request
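Review bot: The new `deployment` step runs `decentral1se/drone-stack:19.03.8` by tag while handing it `docker_cacert`, `docker_cert` and `docker_key`, and a client certificate accepted on `tcp://swarm.autonomic.zone:2376` normally means full control of the Docker daemon behind it. A tag can be re-pushed, so whoever controls that image repository would receive the key on the next build. Pinning the digest, `image: decentral1se/drone-stack:19.03.8@sha256:<digest-of-reviewed-image>`, ties the step to the image that was actually reviewed. The `event: exclude: pull_request` trigger keeps this step off pull-request builds, and it is worth confirming that the three Drone secrets are not also marked as available to pull requests.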


@ -1,2 +0,0 @@
# The path to our pass credentials store
export PASSWORD_STORE_DIR=$(pwd)/../infrastructure/credentials/password-store


@ -1,3 +0,0 @@
FROM jboss/keycloak:9.0.2
EXPOSE 8080


@ -1,7 +1,5 @@
# keycloak # id.autonomic.zone
[![Build Status](https://drone.autonomic.zone/api/badges/autonomic-cooperative/keycloak/status.svg)](https://drone.autonomic.zone/autonomic-cooperative/keycloak) [![Build Status](https://drone.autonomic.zone/api/badges/autonomic-cooperative/id.autonomic.zone/status.svg)](https://drone.autonomic.zone/autonomic-cooperative/id.autonomic.zone)
> https://keycloak.org
> https://id.autonomic.zone > https://id.autonomic.zone

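--- a/compose.yml
+++ b/compose.yml
@@ -0,0 +1,66 @@
+---
+version: "3.8"
+services:
+keycloak:
+image: "jboss/keycloak:9.0.2"
+networks:
+- proxy
+- internal
+secrets:
+- admin_passwd
+- db_passwd
+environment:
+- DB_ADDR=mariadb
+- DB_DATABASE=keycloak
+- DB_PASSWORD_FILE=/run/secrets/db_passwd
+- DB_USER=keycloak
+- DB_VENDOR=mariadb
+- KEYCLOAK_PASSWORD_FILE=/run/secrets/admin_passwd
+- KEYCLOAK_USER=autonomic
+- PROXY_ADDRESS_FORWARDING=true
+depends_on:
+- mariadb
+deploy:
+update_config:
+failure_action: rollback
+labels:
+- "traefik.enable=true"
+- "traefik.http.routers.keycloak.rule=Host(`id.autonomic.zone`)"
+- "traefik.http.routers.keycloak.entrypoints=web-secure"
+- "traefik.http.services.keycloak.loadbalancer.server.port=8080"
+- "traefik.http.routers.keycloak.tls.certresolver=production"
+mariadb:
+image: "mariadb:10.5"
+environment:
+- MYSQL_DATABASE=keycloak
+- MYSQL_USER=keycloak
+- MYSQL_PASSWORD_FILE=/run/secrets/db_passwd
+- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_passwd
+secrets:
+- db_passwd
+- db_root_passwd
+volumes:
+- "mariadb:/var/lib/mysql"
+networks:
+- internal
+networks:
+internal:
+proxy:
+external: true
+secrets:
+admin_passwd:
+name: keycloak_admin_passwd_v1
+external: true
+db_passwd:
+name: keycloak_db_passwd_v1
+external: true
+db_root_passwd:
+name: keycloak_db_root_passwd_v1
+external: true
+volumes:
+mariadb: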
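Review bot: The `internal` network near the end of compose.yml is declared with no options, so on a swarm with more than one node the Keycloak-to-MariaDB traffic (the database login and the identity data) would cross hosts on an overlay whose data plane is not encrypted by default. The visible environment configures no TLS to the database, so I would declare the network as `internal: {driver: overlay, driver_opts: {encrypted: "true"}}`, or constrain both services to one node if that is the intent. Separately, `depends_on` is ignored by `docker stack deploy`, so Keycloak can start before `mariadb` is ready and start-up ordering rests on task restarts. A comment next to `depends_on` saying so would save the next reader a surprise.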


@ -1,20 +0,0 @@
---
vars:
port: "8080"
domain: "id.autonomic.zone"
db:
- type: "mariadb"
passwd: "{{ vault.db_passwd }}"
root_passwd: "{{ vault.root_db_passwd }}"
env:
DB_ADDR: "{{ dokku.mariadb_addr }}"
DB_DATABASE: "keycloak"
DB_PASSWORD: "{{ vault.db_passwd }}"
DB_USER: "{{ dokku.mariadb_user }}"
DB_VENDOR: "mariadb"
DOKKU_LETSENCRYPT_EMAIL: "helo@autonomic.zone"
KEYCLOAK_PASSWORD: "{{ vault.autonomic_admin_pass }}"
KEYCLOAK_USER: "autonomic"
PROXY_ADDRESS_FORWARDING: "true"


@ -1,9 +0,0 @@
---
autonomic_admin_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
35303431663632323539653636353862383432626466376263666238346263663839396638333162
3661306338336635653936386335646665623332376330370a363039323662616432366132316135
32343839356631383832366638326661323661623033343338306336313639376664373931313364
3732653332646462630a366563633737303934656561343461633630613666306634646433373465
35373966653563303664336231643134653866653135363537383230383262353634356165613631
3136333437386635656234386432316466386566626238333161


@ -1,9 +0,0 @@
---
db_passwd: !vault |
$ANSIBLE_VAULT;1.1;AES256
65626261633661356263353564376431633962663461353261316534306635376137393164393036
3163373239316364646165656666626462616434346365640a313832663133636132376330623132
30313534333135386336373566376634326339303233653336383665346463333037643265663537
3135333366313433340a643565653265363531633561306163303938323731393133326165336639
37396330363062326465386163373733653165623961626537336139633663326630666462386262
3463376239386531313534653834326637386635643961306436


@ -1,9 +0,0 @@
---
root_db_passwd: !vault |
$ANSIBLE_VAULT;1.1;AES256
66626439333936646661366235393638343639393730633435643166666331376432616632343330
3564313661336331356661343465666462376430366234650a616561333233633631333135333865
64343963346537353534663134306466336531383037636132646662626163313061333435646661
3335623563616438650a366666323631383039656632333862383836313739383361333864633962
35303435396237346230393431363030666536646361643566636534613063376532626434653731
6334346166646231666165623462666638646236613133656330