diff --git a/.github/workflows/ci-actions.yml b/.github/workflows/ci-actions.yml
index 22eede58..ac64695f 100644
--- a/.github/workflows/ci-actions.yml
+++ b/.github/workflows/ci-actions.yml
@@ -186,143 +186,3 @@ jobs: snapshot: false tags: "main" buildoptions: "--pull" - - test-container-images: - needs: [container-images] - runs-on: ubuntu-latest - strategy: - matrix: - os: [ubuntu-latest] - browser: [chrome, firefox] - services: - keycloak: - image: quay.io/keycloak/keycloak:12.0.2 - ports: - - 8180:8080 - env: - KEYCLOAK_USER: admin - KEYCLOAK_PASSWORD: admin - options: >- - --health-cmd "curl --fail http://localhost:8080/auth || exit 1" - --health-interval 10s - --health-timeout 5s - --health-retries 5 - controls-db: - image: postgres:13.1 - ports: - - 5433:5432 - env: - POSTGRES_USER: user - POSTGRES_PASSWORD: password - POSTGRES_DB: controls_db - options: >- - --health-cmd pg_isready - --health-interval 10s - --health-timeout 5s - --health-retries 5 - application-inventory-db: - image: postgres:13.1 - ports: - - 5434:5432 - env: - POSTGRES_USER: user - POSTGRES_PASSWORD: password - POSTGRES_DB: application_inventory_db - options: >- - --health-cmd pg_isready - --health-interval 10s - --health-timeout 5s - --health-retries 5 - pathfinder-db: - image: postgres:13.1 - ports: - - 5435:5432 - env: - POSTGRES_USER: user - POSTGRES_PASSWORD: password - POSTGRES_DB: pathfinder_db - options: >- - --health-cmd pg_isready - --health-interval 10s - --health-timeout 5s - --health-retries 5 - steps: - - uses: actions/checkout@v2 - - name: Keycloak Admin CLI - uses: carlosthe19916/keycloak-action@0.4 - with: - server: http://keycloak:8080/auth - username: admin - password: admin - kcadm: create realms -f konveyor-realm.json - - name: Controls API - run: | - docker run -d --name controls --network ${{ job.services.controls-db.network }} --network-alias controls -p 8081:8080 \ - -e QUARKUS_HTTP_PORT=8080 \ - -e QUARKUS_DATASOURCE_USERNAME=user \ - -e QUARKUS_DATASOURCE_PASSWORD=password \ - -e QUARKUS_DATASOURCE_JDBC_URL=jdbc:postgresql://controls-db:5432/controls_db \ - -e QUARKUS_OIDC_AUTH_SERVER_URL=http://keycloak:8080/auth/realms/konveyor \ - -e 
QUARKUS_OIDC_CLIENT_ID=controls-api \ - -e QUARKUS_OIDC_CREDENTIALS_SECRET=secret \ - quay.io/konveyor/tackle-controls:latest-native - sleep 5s && docker logs controls - - name: Application inventory API - run: | - docker run -d --name application-inventory --network ${{ job.services.application-inventory-db.network }} --network-alias application-inventory -p 8082:8080 \ - -e QUARKUS_HTTP_PORT=8080 \ - -e QUARKUS_DATASOURCE_USERNAME=user \ - -e QUARKUS_DATASOURCE_PASSWORD=password \ - -e QUARKUS_DATASOURCE_JDBC_URL=jdbc:postgresql://application-inventory-db:5432/application_inventory_db \ - -e QUARKUS_OIDC_AUTH_SERVER_URL=http://keycloak:8080/auth/realms/konveyor \ - -e QUARKUS_OIDC_CLIENT_ID=application-inventory-api \ - -e QUARKUS_OIDC_CREDENTIALS_SECRET=secret \ - quay.io/konveyor/tackle-application-inventory:latest-native - sleep 5s && docker logs application-inventory - - name: Pathfinder API - run: | - docker run -d --name pathfinder --network ${{ job.services.pathfinder-db.network }} --network-alias pathfinder -p 8083:8080 \ - -e QUARKUS_HTTP_PORT=8080 \ - -e QUARKUS_DATASOURCE_USERNAME=user \ - -e QUARKUS_DATASOURCE_PASSWORD=password \ - -e QUARKUS_DATASOURCE_JDBC_URL=jdbc:postgresql://pathfinder-db:5432/pathfinder_db \ - -e QUARKUS_OIDC_AUTH_SERVER_URL=http://keycloak:8080/auth/realms/konveyor \ - -e QUARKUS_OIDC_CLIENT_ID=pathfinder-api \ - -e QUARKUS_OIDC_CREDENTIALS_SECRET=secret \ - quay.io/konveyor/tackle-pathfinder:latest-native - sleep 5s && docker logs pathfinder - - name: Tackle UI - run: | - docker run -d --name tackle-ui --network ${{ job.services.keycloak.network }} --network-alias tackle-ui -p 3000:8080 \ - -e SSO_REALM=konveyor \ - -e SSO_CLIENT_ID=tackle-ui \ - -e SSO_SERVER_URL=http://keycloak:8080/auth \ - -e CONTROLS_API_URL=http://controls:8080/controls \ - -e APPLICATION_INVENTORY_API_URL=http://application-inventory:8080/application-inventory \ - -e PATHFINDER_API_URL=http://pathfinder:8080/pathfinder \ - 
quay.io/konveyor/tackle-ui:main - sleep 5s && docker logs tackle-ui - - name: Cypress run - uses: cypress-io/github-action@v2 - with: - record: false - wait-on: "http://localhost:3000" - wait-on-timeout: 120 - config: pageLoadTimeout=100000 - browser: ${{ matrix.browser }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - CYPRESS_auth_base_url: http://localhost:3000/auth - CYPRESS_controls_base_url: http://localhost:8081/controls - CYPRESS_application_inventory_base_url: http://localhost:8082/application-inventory - CYPRESS_pathfinder_base_url: http://localhost:8083/pathfinder - - uses: actions/upload-artifact@v1 - if: failure() - with: - name: container-screenshots-${{ matrix.os }}-${{ matrix.browser }} - path: cypress/screenshots - - uses: actions/upload-artifact@v1 - if: always() - with: - name: container-videos-${{ matrix.os }}-${{ matrix.browser }} - path: cypress/videos diff --git a/.github/workflows/ci-daily.yml b/.github/workflows/ci-daily.yml new file mode 100644 index 00000000..589e9c46 --- /dev/null +++ b/.github/workflows/ci-daily.yml 
@@ -0,0 +1,90 @@
+name: CI Daily
+
+# Temporary definition just to test this workflow in PRs
+on:
+ pull_request:
+ branches:
+ - main
+
+# on:
+# schedule:
+# - cron: "0 0 * * *"
+# workflow_dispatch: {}
+
+jobs:
+ ks8:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ matrix:
+ os: [ubuntu-latest]
+ browser: [chrome]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ path: tackle-ui
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ repository: konveyor/tackle-ui-tests
+ path: tackle-ui-tests
+ - name: Setup Minikube
+ uses: manusa/actions-setup-minikube@v2.3.1
+ with:
+ minikube version: v1.18.1
+ kubernetes version: v1.20.2
+ start args: "--addons=registry --addons=ingress"
+ - name: Validate Minikube
+ run: minikube status | grep Running
+ - name: Validate Cluster
+ run: kubectl get nodes
+ - name: Validate enabled addon in arg
+ run: minikube addons list -o json | jq '.registry.Status' | grep enabled
+ - name: Kubectl create namespace
+ run: kubectl create ns tackle
+ - name: Deploy keycloak
+ run: |
+ kubectl create -f tackle-ui/kubernetes/keycloak -n tackle
+ kubectl wait deployment/keycloak --for condition=available --timeout=-1s -n tackle
+ - name: Deploy tackle-controls
+ run: |
+ kubectl create -f tackle-ui/kubernetes/controls -n tackle
+ kubectl wait deployment/tackle-controls --for condition=available --timeout=-1s -n tackle
+ - name: Deploy tackle-application-inventory
+ run: |
+ kubectl create -f tackle-ui/kubernetes/application-inventory -n tackle
+ kubectl wait deployment/tackle-application-inventory --for condition=available --timeout=-1s -n tackle
+ - name: Deploy tackle-pathfinder
+ run: |
+ kubectl create -f tackle-ui/kubernetes/pathfinder -n tackle
+ kubectl wait deployment/tackle-pathfinder --for condition=available --timeout=-1s -n tackle
+ - name: Deploy tackle-ui
+ run: |
+ kubectl create -f tackle-ui/kubernetes/ui -n tackle
+ kubectl wait deployment/tackle-ui --for condition=available --timeout=-1s -n tackle
+ - name: Kubectl create ingress
+ run: kubectl create -f tackle-ui/kubernetes/ing1.yml -n tackle
+ - name: Wait for Ingress
+ run: |
+ bash -c 'external_ip="";
+ while [ -z $external_ip ];
+ do echo "Waiting for end point...";
+ external_ip=$(kubectl get ingress tackle --template="{{range .status.loadBalancer.ingress}}{{.ip}}{{end}}" -n tackle);[ -z "$external_ip" ] &&
+ sleep 10;
+ done;
+ echo "End point ready:" &&
+ echo $external_ip;
+ export endpoint=$external_ip;
+ echo "CYPRESS_tackleUrl=https://$external_ip" >>$GITHUB_ENV'
+ - name: Cypress run
+ uses: cypress-io/github-action@v2
+ with:
+ working-directory: tackle-ui-tests
+ record: false
+ start: npx echo "Starting Minikube Cypress tests"
+ config: pageLoadTimeout=100000
+ browser: ${{ matrix.browser }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ CYPRESS_user: admin
+ CYPRESS_pass: admin
diff --git a/kubernetes/application-inventory/db-deploy.yml b/kubernetes/application-inventory/db-deploy.yml
new file mode 100644
index 00000000..3b2368f0
--- /dev/null
+++ b/kubernetes/application-inventory/db-deploy.yml
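Review bot: In `.github/workflows/ci-daily.yml` the `ks8` job hands `secrets.GITHUB_TOKEN` to the Cypress step without any `permissions:` block, so the token carries whatever default scope the repository has. That step runs test code checked out from `konveyor/tackle-ui-tests` with no `ref`, and the third-party actions are referenced by movable tags (`manusa/actions-setup-minikube@v2.3.1`, `cypress-io/github-action@v2`). I would add a top-level `permissions:` with `contents: read` and pin each `uses:` to a full commit SHA, e.g. `uses: cypress-io/github-action@<full-commit-sha>`, so a retagged action or a change on the tests repository cannot run with more access than the job needs. Separately, `--timeout=-1s` on every `kubectl wait` and the `while [ -z $external_ip ]` loop have no practical upper bound; a `timeout-minutes:` on the job and a finite `--timeout` would make a stuck rollout fail instead of holding the runner.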
@@ -0,0 +1,84 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: application-inventory-db
+ labels:
+ app.kubernetes.io/name: application-inventory-db
+ app.kubernetes.io/version: "10.6"
+ app.kubernetes.io/component: database
+ app.kubernetes.io/instance: application-inventory-db
+ app.kubernetes.io/part-of: tackle
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: application-inventory-db
+ app.kubernetes.io/version: "10.6"
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: application-inventory-db
+ app.kubernetes.io/version: "10.6"
+ spec:
+ volumes:
+ - name: application-inventory-db-data
+ persistentVolumeClaim:
+ claimName: application-inventory-db
+ containers:
+ - name: postgres
+ image: postgres:10.6
+ ports:
+ - containerPort: 5432
+ protocol: TCP
+ env:
+ - name: POSTGRES_USER
+ value: application-inventory_username
+ - name: POSTGRES_PASSWORD
+ value: application-inventory_password
+ - name: POSTGRES_DB
+ value: application-inventory_db
+ resources: {}
+ livenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - "-c"
+ - |
+ psql -U $POSTGRES_USER -d $POSTGRES_DB -c 'SELECT 1'
+ initialDelaySeconds: 60
+ timeoutSeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - "-c"
+ - |
+ psql -U $POSTGRES_USER -d $POSTGRES_DB -c 'SELECT 1'
+ initialDelaySeconds: 10
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ terminationMessagePath: "/dev/termination-log"
+ terminationMessagePolicy: File
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - name: application-inventory-db-data
+ mountPath: "/var/lib/db"
+ securityContext:
+ privileged: false
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
+ dnsPolicy: ClusterFirst
+ securityContext: {}
+ schedulerName: default-scheduler
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 25%
+ maxSurge: 25%
+ revisionHistoryLimit: 10
+ progressDeadlineSeconds: 600
diff --git a/kubernetes/application-inventory/db-pvc.yml b/kubernetes/application-inventory/db-pvc.yml
new file mode 100644
index 00000000..e2ddf10c
--- /dev/null
+++ b/kubernetes/application-inventory/db-pvc.yml
@@ -0,0 +1,16 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: application-inventory-db
+ labels:
+ app.kubernetes.io/name: application-inventory-db
+ app.kubernetes.io/component: database
+ app.kubernetes.io/instance: application-inventory-db
+ app.kubernetes.io/part-of: tackle
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ volumeMode: Filesystem
\ No newline at end of file
diff --git a/kubernetes/application-inventory/db-svc.yml b/kubernetes/application-inventory/db-svc.yml
new file mode 100644
index 00000000..2eedecd9
--- /dev/null
+++ b/kubernetes/application-inventory/db-svc.yml
@@ -0,0 +1,21 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: application-inventory-db
+ labels:
+ app.kubernetes.io/name: application-inventory-db
+ app.kubernetes.io/version: "10.6"
+ app.kubernetes.io/component: database
+ app.kubernetes.io/instance: application-inventory-db
+ app.kubernetes.io/part-of: tackle
+spec:
+ ports:
+ - name: tcp
+ protocol: TCP
+ port: 5432
+ targetPort: 5432
+ selector:
+ app.kubernetes.io/name: application-inventory-db
+ app.kubernetes.io/version: "10.6"
+ type: ClusterIP
+ sessionAffinity: None
diff --git a/kubernetes/application-inventory/deploy.yml b/kubernetes/application-inventory/deploy.yml
new file mode 100644
index 00000000..11fd4ecc
--- /dev/null
+++ b/kubernetes/application-inventory/deploy.yml
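Review bot: In `kubernetes/application-inventory/db-deploy.yml` the database password is committed as a literal `value:` under `POSTGRES_PASSWORD`, so anyone who can read the repository or the Deployment object can read the credential. I would move it into a `Secret` and reference it from the container with `valueFrom.secretKeyRef` (`name: <secret-name>`, `key: <key>`), which also lets the database and the API share one source for the value. The same literal-credential pattern is in `kubernetes/controls/db-deploy.yml`, and in `QUARKUS_DATASOURCE_PASSWORD` and `QUARKUS_OIDC_CREDENTIALS_SECRET` of both `deploy.yml` files.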
@@ -0,0 +1,77 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ prometheus.io/port: "8080"
+ prometheus.io/scheme: http
+ prometheus.io/scrape: "true"
+ prometheus.io/path: "/q/metrics"
+ labels:
+ app.kubernetes.io/component: rest
+ app.kubernetes.io/name: tackle-application-inventory
+ app.kubernetes.io/part-of: tackle
+ name: tackle-application-inventory
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: tackle-application-inventory
+ app.kubernetes.io/part-of: tackle
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: "8080"
+ prometheus.io/scheme: http
+ prometheus.io/scrape: "true"
+ prometheus.io/path: "/q/metrics"
+ labels:
+ app.kubernetes.io/component: rest
+ app.kubernetes.io/name: tackle-application-inventory
+ app.kubernetes.io/part-of: tackle
+ spec:
+ containers:
+ - env:
+ - name: KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: QUARKUS_DATASOURCE_USERNAME
+ value: application-inventory_username
+ - name: QUARKUS_DATASOURCE_PASSWORD
+ value: application-inventory_password
+ - name: QUARKUS_DATASOURCE_JDBC_URL
+ value: jdbc:postgresql://application-inventory-db:5432/application-inventory_db
+ - name: QUARKUS_OIDC_AUTH_SERVER_URL
+ value: http://keycloak:8080/auth/realms/konveyor
+ - name: QUARKUS_OIDC_CLIENT_ID
+ value: application-inventory-api
+ - name: QUARKUS_OIDC_CREDENTIALS_SECRET
+ value: secret
+ image: quay.io/konveyor/tackle-application-inventory:latest-native
+ imagePullPolicy: Always
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: "/application-inventory/q/health/live"
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 0
+ periodSeconds: 30
+ successThreshold: 1
+ timeoutSeconds: 10
+ name: tackle-application-inventory
+ ports:
+ - containerPort: 8080
+ name: http
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: "/application-inventory/q/health/ready"
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 0
+ periodSeconds: 30
+ successThreshold: 1
+ timeoutSeconds: 10
+ resources: {}
diff --git a/kubernetes/application-inventory/svc.yml b/kubernetes/application-inventory/svc.yml
new file mode 100644
index 00000000..d1f33e6a
--- /dev/null
+++ b/kubernetes/application-inventory/svc.yml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ prometheus.io/scheme: http
+ prometheus.io/scrape: 'true'
+ prometheus.io/path: "/q/metrics"
+ prometheus.io/port: '8080'
+ labels:
+ app.kubernetes.io/name: tackle-application-inventory
+ app.kubernetes.io/part-of: tackle
+ app.kubernetes.io/component: rest
+ app.openshift.io/runtime: quarkus
+ name: tackle-application-inventory
+spec:
+ ports:
+ - name: http
+ port: 8080
+ targetPort: 8080
+ selector:
+ app.kubernetes.io/name: tackle-application-inventory
+ app.kubernetes.io/part-of: tackle
+ type: ClusterIP
\ No newline at end of file
diff --git a/kubernetes/controls/db-deploy.yml b/kubernetes/controls/db-deploy.yml
new file mode 100644
index 00000000..c3e76a5d
--- /dev/null
+++ b/kubernetes/controls/db-deploy.yml
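Review bot: In `kubernetes/application-inventory/deploy.yml` the container runs `quay.io/konveyor/tackle-application-inventory:latest-native` with `imagePullPolicy: Always`, so every pod restart can pull a different build from the one that was tested. Pinning by digest, `image: quay.io/konveyor/tackle-application-inventory@sha256:<digest>`, keeps the deployed content reproducible and auditable. The container also has no `securityContext` and `resources: {}`; `allowPrivilegeEscalation: false`, `runAsNonRoot: true` (if the image runs as a non-root user, which is not visible here) and resource limits would narrow what a compromised pod can do. `kubernetes/controls/deploy.yml` has the same three points.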
@@ -0,0 +1,84 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: controls-db
+ labels:
+ app.kubernetes.io/name: controls-db
+ app.kubernetes.io/version: "10.6"
+ app.kubernetes.io/component: database
+ app.kubernetes.io/instance: controls-db
+ app.kubernetes.io/part-of: tackle
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: controls-db
+ app.kubernetes.io/version: "10.6"
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: controls-db
+ app.kubernetes.io/version: "10.6"
+ spec:
+ volumes:
+ - name: controls-db-data
+ persistentVolumeClaim:
+ claimName: controls-db
+ containers:
+ - name: postgres
+ image: postgres:10.6
+ ports:
+ - containerPort: 5432
+ protocol: TCP
+ env:
+ - name: POSTGRES_USER
+ value: controls_username
+ - name: POSTGRES_PASSWORD
+ value: controls_password
+ - name: POSTGRES_DB
+ value: controls_db
+ resources: {}
+ livenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - "-c"
+ - |
+ psql -U $POSTGRES_USER -d $POSTGRES_DB -c 'SELECT 1'
+ initialDelaySeconds: 60
+ timeoutSeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - "-c"
+ - |
+ psql -U $POSTGRES_USER -d $POSTGRES_DB -c 'SELECT 1'
+ initialDelaySeconds: 10
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - name: controls-db-data
+ mountPath: "/var/lib/db"
+ securityContext:
+ privileged: false
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
+ dnsPolicy: ClusterFirst
+ securityContext: {}
+ schedulerName: default-scheduler
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 25%
+ maxSurge: 25%
+ revisionHistoryLimit: 10
+ progressDeadlineSeconds: 600
diff --git a/kubernetes/controls/db-pvc.yml b/kubernetes/controls/db-pvc.yml
new file mode 100644
index 00000000..f3ec4e04
--- /dev/null
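Review bot: In `kubernetes/controls/db-deploy.yml` the claim `controls-db-data` is mounted at `/var/lib/db`, but no `PGDATA` is set and the official `postgres` image keeps its data directory under `/var/lib/postgresql/data` by default, so the PVC appears to stay empty and the database contents are lost when the pod is rescheduled. I would change the mount to `mountPath: "/var/lib/postgresql/data"`, or set `PGDATA` to a directory inside the mounted volume. `kubernetes/application-inventory/db-deploy.yml` has the same mount path. The fixed `postgres:10.6` tag is also worth checking against the releases that still receive security fixes.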
+++ b/kubernetes/controls/db-pvc.yml
@@ -0,0 +1,16 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: controls-db
+ labels:
+ app.kubernetes.io/name: controls-db
+ app.kubernetes.io/component: database
+ app.kubernetes.io/instance: controls-db
+ app.kubernetes.io/part-of: tackle
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ volumeMode: Filesystem
\ No newline at end of file
diff --git a/kubernetes/controls/db-svc.yml b/kubernetes/controls/db-svc.yml
new file mode 100644
index 00000000..854e59fc
--- /dev/null
+++ b/kubernetes/controls/db-svc.yml
@@ -0,0 +1,21 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: controls-db
+ labels:
+ app.kubernetes.io/name: controls-db
+ app.kubernetes.io/version: "10.6"
+ app.kubernetes.io/component: database
+ app.kubernetes.io/instance: controls-db
+ app.kubernetes.io/part-of: tackle
+spec:
+ ports:
+ - name: tcp
+ protocol: TCP
+ port: 5432
+ targetPort: 5432
+ selector:
+ app.kubernetes.io/name: controls-db
+ app.kubernetes.io/version: "10.6"
+ type: ClusterIP
+ sessionAffinity: None
diff --git a/kubernetes/controls/deploy.yml b/kubernetes/controls/deploy.yml
new file mode 100644
index 00000000..ea91a28e
--- /dev/null
+++ b/kubernetes/controls/deploy.yml
@@ -0,0 +1,77 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ prometheus.io/port: "8080"
+ prometheus.io/scheme: http
+ prometheus.io/scrape: "true"
+ prometheus.io/path: /q/metrics
+ labels:
+ app.kubernetes.io/component: rest
+ app.kubernetes.io/name: tackle-controls
+ app.kubernetes.io/part-of: tackle
+ name: tackle-controls
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: tackle-controls
+ app.kubernetes.io/part-of: tackle
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: "8080"
+ prometheus.io/scheme: http
+ prometheus.io/scrape: "true"
+ prometheus.io/path: /q/metrics
+ labels:
+ app.kubernetes.io/component: rest
+ app.kubernetes.io/name: tackle-controls
+ app.kubernetes.io/part-of: tackle
+ spec:
+ containers:
+ - env:
+ - name: KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: QUARKUS_DATASOURCE_USERNAME
+ value: controls_username
+ - name: QUARKUS_DATASOURCE_PASSWORD
+ value: controls_password
+ - name: QUARKUS_DATASOURCE_JDBC_URL
+ value: jdbc:postgresql://controls-db:5432/controls_db
+ - name: QUARKUS_OIDC_AUTH_SERVER_URL
+ value: http://keycloak:8080/auth/realms/konveyor
+ - name: QUARKUS_OIDC_CLIENT_ID
+ value: controls-api
+ - name: QUARKUS_OIDC_CREDENTIALS_SECRET
+ value: secret
+ image: quay.io/konveyor/tackle-controls:latest-native
+ imagePullPolicy: Always
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /controls/q/health/live
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 0
+ periodSeconds: 30
+ successThreshold: 1
+ timeoutSeconds: 10
+ name: tackle-controls
+ ports:
+ - containerPort: 8080
+ name: http
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /controls/q/health/ready
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 0
+ periodSeconds: 30
+ successThreshold: 1
+ timeoutSeconds: 10
+ resources: {}
\ No newline at end of file
diff --git a/kubernetes/controls/svc.yml b/kubernetes/controls/svc.yml
new file mode 100644
index 00000000..0415bed9
--- /dev/null
+++ b/kubernetes/controls/svc.yml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ prometheus.io/port: "8080"
+ prometheus.io/scheme: http
+ prometheus.io/scrape: "true"
+ prometheus.io/path: /q/metrics
+ labels:
+ app.kubernetes.io/name: tackle-controls
+ app.kubernetes.io/part-of: tackle
+ app.kubernetes.io/component: rest
+ name: tackle-controls
+spec:
+ ports:
+ - name: http
+ port: 8080
+ targetPort: 8080
+ selector:
+ app.kubernetes.io/name: tackle-controls
+ app.kubernetes.io/part-of: tackle
+ type: ClusterIP
diff --git a/kubernetes/ing1.yml b/kubernetes/ing1.yml
new file mode 100644
index 00000000..88b99d15
--- /dev/null
+++ b/kubernetes/ing1.yml
@@ -0,0 +1,20 @@
+kind: Ingress
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: tackle
+ labels:
+ app.kubernetes.io/name: tackle
+ app.kubernetes.io/component: application
+ app.kubernetes.io/instance: tackle
+ app.kubernetes.io/part-of: tackle
+spec:
+ rules:
+ - http:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: tackle-ui
+ port:
+ number: 8080
diff --git a/kubernetes/ing2.yml b/kubernetes/ing2.yml
new file mode 100644
index 00000000..000308bd
--- /dev/null
+++ b/kubernetes/ing2.yml
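Review bot: In `kubernetes/ing1.yml` the Ingress has no `tls:` section and no `host:` on its rule, so it matches every hostname and can serve HTTPS only with whatever default certificate the ingress controller presents, while the CI job builds its URL as `https://$external_ip`. Credentials entered in the UI presumably cross this route, so for anything beyond a throwaway Minikube cluster I would add a `tls:` entry with `secretName: <tls-secret-name>` and a `host:`. If the manifest is meant for local test use only, a leading comment saying so would keep it from being copied into a shared cluster as-is. `kubernetes/ing2.yml` is the same in this respect.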
@@ -0,0 +1,41 @@
+kind: Ingress
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: tackle
+ labels:
+ app.kubernetes.io/name: tackle
+ app.kubernetes.io/component: application
+ app.kubernetes.io/instance: tackle
+ app.kubernetes.io/part-of: tackle
+spec:
+ rules:
+ - http:
+ paths:
+ - path: /auth
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: keycloak
+ port:
+ number: 8080
+ - path: /controls
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: tackle-controls
+ port:
+ number: 8080
+ - path: /application-inventory
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: tackle-application-inventory
+ port:
+ number: 8080
+ - path: /pathfinder
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: tackle-pathfinder
+ port:
+ number: 8080
diff --git a/kubernetes/keycloak/cm.yml b/kubernetes/keycloak/cm.yml
new file mode 100644
index 00000000..93be4d5e
--- /dev/null
+++ b/kubernetes/keycloak/cm.yml
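Review bot: In `kubernetes/ing2.yml` the `/auth` rule forwards the whole Keycloak context path to the `keycloak` service, which on a Keycloak served under `/auth` typically also covers the admin console and admin REST API, and the three API services are exposed directly next to it. If only login flows have to be reachable from outside the cluster, narrower paths such as `/auth/realms` and `/auth/resources` would keep administration cluster-internal. This Ingress also reuses `metadata.name: tackle` from `kubernetes/ing1.yml`, so the two cannot both be created in one namespace; a distinct name, or a comment stating that they are alternatives, would avoid a failed `kubectl create`.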
@@ -0,0 +1,2344 @@ +apiVersion: v1 +data: + konveyor-realm.json: | + { + "id": "konveyor", + "realm": "konveyor", + "notBefore": 0, + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "d723b5ff-6c33-4152-b0ac-3ad9c1b79e6c", + "name": "admin", + "composite": false, + "clientRole": false, + "containerId": "konveyor", + "attributes": {} + }, + { + "id": "88607edb-72b0-46fb-8d76-1a75a51a50f0", + "name": "user", + "composite": false, + "clientRole": false, + "containerId": "konveyor", + "attributes": {} + }, + { + "id": "85aa1467-987b-4a71-a7e1-92dffc90323b", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": 
"konveyor", + "attributes": {} + }, + { + "id": "ca0cb92d-22d8-4590-8935-22182d2848e3", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "konveyor", + "attributes": {} + } + ], + "client": { + "realm-management": [ + { + "id": "6849a9ed-4c25-4cc9-88c8-609cd633f1c7", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "7cd8f4cd-abf4-4d20-904f-7381a29a38b8", + "attributes": {} + }, + { + "id": "08320d88-a140-4511-a094-92eecffa2f31", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "7cd8f4cd-abf4-4d20-904f-7381a29a38b8", + "attributes": {} + }, + { + "id": "e58675c2-c05c-427c-b920-a978a3928b73", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "7cd8f4cd-abf4-4d20-904f-7381a29a38b8", + "attributes": {} + }, + { + "id": "9a78c649-6529-477f-a1e0-36d3165407e2", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "7cd8f4cd-abf4-4d20-904f-7381a29a38b8", + "attributes": {} + }, + { + "id": "227e0d33-7b83-45db-86d5-03467fe24147", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-groups", + "manage-events", + "view-clients", + "manage-authorization", + "impersonation", + "query-clients", + "view-realm", + "manage-users", + "view-events", + "query-users", + "create-client", + "manage-identity-providers", + "view-identity-providers", + "view-users", + "query-realms", + "view-authorization", + "manage-clients", + "manage-realm" + ] + } + }, + "clientRole": true, + "containerId": 
"7cd8f4cd-abf4-4d20-904f-7381a29a38b8", + "attributes": {} + }, + { + "id": "f7c107c9-2aac-458a-8f12-93986cce61ab", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "7cd8f4cd-abf4-4d20-904f-7381a29a38b8", + "attributes": {} + }, + { + "id": "b3a531d7-f745-469a-8a0e-a751d48b6d7b", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "7cd8f4cd-abf4-4d20-904f-7381a29a38b8", + "attributes": {} + }, + { + "id": "7e6891b0-1f91-45c9-81d1-ba2fb825fc38", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "7cd8f4cd-abf4-4d20-904f-7381a29a38b8", + "attributes": {} + }, + { + "id": "b4e357bf-bb32-4ee1-ac95-1ffc5ee927f6", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "7cd8f4cd-abf4-4d20-904f-7381a29a38b8", + "attributes": {} + }, + { + "id": "724b6adf-ea10-45b0-a856-05f014f8aca6", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "7cd8f4cd-abf4-4d20-904f-7381a29a38b8", + "attributes": {} + }, + { + "id": "f29ee958-a37f-428a-b316-669235df7e59", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "7cd8f4cd-abf4-4d20-904f-7381a29a38b8", + "attributes": {} + }, + { + "id": "f2d6d0de-7ebc-4f0f-a156-f279570ad228", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "7cd8f4cd-abf4-4d20-904f-7381a29a38b8", + "attributes": {} + }, + { + "id": "52025042-ac41-401b-9657-83d064d04084", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": 
"7cd8f4cd-abf4-4d20-904f-7381a29a38b8", + "attributes": {} + }, + { + "id": "850038e6-b323-423b-aab7-64788d8dcbea", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "7cd8f4cd-abf4-4d20-904f-7381a29a38b8", + "attributes": {} + }, + { + "id": "629459d6-1e42-46bb-b313-dd3fa66aca5d", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-groups", + "query-users" + ] + } + }, + "clientRole": true, + "containerId": "7cd8f4cd-abf4-4d20-904f-7381a29a38b8", + "attributes": {} + }, + { + "id": "e2c72797-82a7-440e-9cea-55f0219b7aaf", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "7cd8f4cd-abf4-4d20-904f-7381a29a38b8", + "attributes": {} + }, + { + "id": "6d629082-9597-483c-85e3-349b3b6761e6", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "7cd8f4cd-abf4-4d20-904f-7381a29a38b8", + "attributes": {} + }, + { + "id": "5c5f86a5-2f47-4a58-9ad9-c1b770b3f1e0", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "7cd8f4cd-abf4-4d20-904f-7381a29a38b8", + "attributes": {} + }, + { + "id": "02b68098-a625-428f-8339-3053d4ab1ba4", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "7cd8f4cd-abf4-4d20-904f-7381a29a38b8", + "attributes": {} + } + ], + "security-admin-console": [], + "controls-api": [ + { + "id": "d056105b-2d60-4415-addb-9639ac3bfd74", + "name": "uma_protection", + "composite": false, + "clientRole": true, + "containerId": "5cda179e-8443-4467-a488-292976d25bf1", + "attributes": {} + } + ], + "admin-cli": [], + "account-console": [], + "broker": [ + { + "id": 
"6c7bca9c-701c-4caf-9978-68211d766538", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "e91a0a7f-f825-4155-abff-a547a9594d63", + "attributes": {} + } + ], + "account": [ + { + "id": "905b98ab-40a2-4f22-90e3-98a3475f8e7f", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "466f7590-d495-402d-a955-08c54ae31385", + "attributes": {} + }, + { + "id": "e230efe8-767b-4903-8bb9-d612fc4d4c63", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "466f7590-d495-402d-a955-08c54ae31385", + "attributes": {} + }, + { + "id": "1352f674-2227-4c5c-b687-c76d99e3acb6", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "466f7590-d495-402d-a955-08c54ae31385", + "attributes": {} + }, + { + "id": "116701c3-049d-4bd3-95ad-ad838484844e", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] + } + }, + "clientRole": true, + "containerId": "466f7590-d495-402d-a955-08c54ae31385", + "attributes": {} + }, + { + "id": "791910d1-4a2f-46a2-9920-a61c83938a17", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "466f7590-d495-402d-a955-08c54ae31385", + "attributes": {} + }, + { + "id": "0a046e35-6bf2-47e5-8ecb-fffbd2c05a2c", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": "466f7590-d495-402d-a955-08c54ae31385", + "attributes": {} + } + ] + } + }, + "groups": [], + "defaultRoles": [ + "uma_authorization", + "offline_access" + ], 
+ "requiredCredentials": [ + "password" + ], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpSupportedApplications": [ + "FreeOTP", + "Google Authenticator" + ], + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "users": [ + { + "id": "af134cab-f41c-4675-b141-205f975db679", + "username": "admin", + "enabled": true, + "totp": false, + "emailVerified": false, + "credentials": [ + { + "type": "password", + "hashedSaltedValue": "NICTtwsvSxJ5hL8hLAuleDUv9jwZcuXgxviMXvR++cciyPtiIEStEaJUyfA9DOir59awjPrHOumsclPVjNBplA==", + "salt": "T/2P5o5oxFJUEk68BRURRg==", + "hashIterations": 27500, + "counter": 0, + "algorithm": "pbkdf2-sha256", + "digits": 0, + "period": 0, + "createdDate": 1554245879354, + "config": {} + } + ], + "disableableCredentialTypes": [ + "password" + ], + 
"requiredActions": [], + "realmRoles": [ + "admin", + "user" + ], + "notBefore": 0, + "groups": [] + }, + { + "id": "eb4123a3-b722-4798-9af5-8957f823657a", + "username": "alice", + "enabled": true, + "totp": false, + "emailVerified": false, + "credentials": [ + { + "type": "password", + "hashedSaltedValue": "A3okqV2T/ybXTVEgKfosoSjP8Yc9IZbFP/SY4cEd6hag7TABQrQ6nUSuwagGt96l8cw1DTijO75PqX6uiTXMzw==", + "salt": "sl4mXx6T9FypPH/s9TngfQ==", + "hashIterations": 27500, + "counter": 0, + "algorithm": "pbkdf2-sha256", + "digits": 0, + "period": 0, + "createdDate": 1554245879116, + "config": {} + } + ], + "disableableCredentialTypes": [ + "password" + ], + "requiredActions": [], + "realmRoles": [ + "user" + ], + "notBefore": 0, + "groups": [] + }, + { + "id": "f2f78ee5-b6f9-4e7b-a837-8301a30a6d73", + "createdTimestamp": 1602936578977, + "username": "service-account-controls-api", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "controls-api", + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "uma_authorization", + "offline_access" + ], + "clientRoles": { + "controls-api": [ + "uma_protection" + ], + "account": [ + "manage-account", + "view-profile" + ] + }, + "notBefore": 0, + "groups": [] + } + ], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": [ + "offline_access" + ] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": [ + "manage-account" + ] + } + ] + }, + "clients": [ + { + "id": "466f7590-d495-402d-a955-08c54ae31385", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/konveyor/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "0136c3ef-0dfd-4b13-a6d0-2c8b6358edec", + "defaultRoles": [ + "manage-account", + "view-profile" + ], + "redirectUris": [ + 
"/realms/konveyor/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "role_list", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "f5256301-90fa-4e2c-9829-0adf0d2f828d", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/konveyor/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "994a58fd-d98a-4403-9ff8-a6e9d078825f", + "redirectUris": [ + "/realms/konveyor/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "e0267bcc-919b-4b4d-92ae-54fe779db0f5", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "role_list", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + 
"offline_access", + "microprofile-jwt" + ] + }, + { + "id": "0f7c2edf-9597-494e-8003-907342652b21", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "a951803a-79c7-46a6-8197-e32835286971", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "role_list", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "e91a0a7f-f825-4155-abff-a547a9594d63", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "e1f7edd7-e15c-43b4-8736-ff8204d16836", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "role_list", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": 
"7cd8f4cd-abf4-4d20-904f-7381a29a38b8", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "c41b709a-a012-4c69-89d7-4f926dba0619", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "role_list", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "407f46da-f770-4666-9147-2bcfc5c1caf6", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/konveyor/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "e571b211-2550-475d-b87f-116ff54091ee", + "redirectUris": [ + "/admin/konveyor/console/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "831ca78a-ea57-468f-a135-fc48068d0b78", + "name": "locale", + 
"protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "role_list", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "5cda179e-8443-4467-a488-292976d25bf1", + "clientId": "controls-api", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "secret", + "redirectUris": [ + "/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "role_list", + "roles", + "profile", + 
"email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ], + "access": { + "view": true, + "configure": true, + "manage": true + } + }, + { + "id": "065c4bcf-379e-4a83-99d7-5491176185e2", + "clientId": "application-inventory-api", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "secret", + "redirectUris": [ + "/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "role_list", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ], + "access": { + "view": true, + "configure": true, + "manage": true + } + }, + { + "id": "7f4a9ed7-3554-4aef-955a-a5737fb942f3", + "clientId": "pathfinder-api", + "surrogateAuthRequired": false, + "enabled": 
true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "secret", + "redirectUris": [ + "/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "role_list", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ], + "access": { + "view": true, + "configure": true, + "manage": true + } + }, + { + "id": "695da74e-39ca-4e46-a2b6-6a673f92d4e2", + "clientId": "tackle-ui", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [ + "*" + ], + "webOrigins": [ + "*" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": 
true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "backchannel.logout.session.required": "true", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "role_list", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "7ad4c83f-7793-470b-b01d-b8d4b6e49941", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "adbc4487-d95b-4567-a36b-629ac3b00a36", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "f06793e3-9c45-49b7-ad5b-08c14e2be29f", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "1516caf6-6a5a-482d-8186-9c3ec9b5c874", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + 
"config": { + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + }, + { + "id": "0ba3782c-9f7a-4ced-9e4e-a8145d23bf6c", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "3873fc26-b5ef-457c-aab2-a1157b05db4d", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "33549263-f0f5-4807-8835-7f8e4684c0ef", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + }, + { + "id": "f04e99a6-cca0-4acc-ad00-d2a9bbd26ff2", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "cedfca34-d051-44e3-8698-1e4d82f31ea1", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": 
"876e7269-3aab-4252-b041-88a02f2fc3b5", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "b8308a16-b44f-43c6-aab7-12d624fe82ad", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + }, + { + "id": "e87fbc27-2c39-429b-9807-93b95241eab2", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "cf6392e7-574e-44da-b143-7c811574b237", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "1a497de4-3929-4e45-9373-8dd4b9c92d31", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "6200624f-c90d-4aaf-b521-7b8435002a09", + "name": "picture", + "protocol": 
"openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "1cf2dc37-1836-4180-8b2b-06aef384bfca", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "String" + } + }, + { + "id": "864f324b-7b71-4cff-8a35-e08b3063fd40", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "5041e8d2-adb9-4814-8af8-4aee25ca3395", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "a8707020-de49-4801-ba18-b875ed9c5aaa", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "42659871-244a-454a-b231-0c15348dee42", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + 
"userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "6bfd6d10-70a9-488c-8306-c1288709b53b", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "9db1df0f-fa93-48be-b97f-a3b6414ab3f3", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "7e36717b-3b03-4e97-b8ac-c9e682f5cb4c", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "6cba0b69-c17a-4bbe-b55c-cabe48c61571", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "e57fce2e-b7b8-4665-9e17-755d85aeccc0", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + 
"userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "fd4aa449-c66f-4172-ae30-fa9e9ad82fe0", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "4d8e0ac0-7d66-45cb-bbf7-2e2b49cbf2a5", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "1d70dda3-b20c-483a-b08d-8d20407df7a7", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "f96d90e9-c464-4d6f-b0c5-4d36763ba0fb", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "cb6059d6-339d-4e0f-9591-223935104f97", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "3f1bb88d-a3e7-4472-9763-1c186514f3d2", + "name": "realm roles", + 
"protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String" + } + }, + { + "id": "6c36c6da-fcd0-4578-9704-5b245b40ce0a", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + }, + { + "id": "986c6019-d84a-4a7f-a54d-da9da869b462", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "915b79ce-9d2f-4c19-8fac-12924bf19891", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "d7cde5d0-4c14-42ca-95ac-bcc07fcbbdb4", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": {} + } + ] + } + ], + "defaultDefaultClientScopes": [ + "role_list", + "web-origins", + "roles", + "profile", + "email" + ], + "defaultOptionalClientScopes": [ + "microprofile-jwt", + "address", + "phone", + "offline_access" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + 
"strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "eventsEnabled": false, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "3e91f878-e4bd-4c0f-b320-4cab942d9ad1", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "183b6fda-b761-4612-a0d4-acea8dd9d98a", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-attribute-mapper", + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-full-name-mapper", + "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "saml-user-property-mapper", + "oidc-sha256-pairwise-sub-mapper" + ] + } + }, + { + "id": "b75b53d5-2afa-464f-8624-2de149656a14", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "d491ad5e-534a-4492-a168-780b3314f8a0", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "ffeec36f-9ae2-4ef3-ae49-64c43cfab0a5", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "47a66c7c-373f-487d-bfb2-acd7ab389339", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": 
"ae20dd81-3850-44cb-bd4a-1fee7d5a285e", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-attribute-mapper", + "oidc-usermodel-attribute-mapper", + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper" + ] + } + }, + { + "id": "a4547fd0-1a1f-4722-aff0-2c49c4608a32", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "263a7924-21c7-4ab2-9a72-dbad9a309eaa", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + }, + { + "id": "f9670a25-1608-4bd6-b089-0170b0edf4d9", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + }, + { + "id": "da59404c-a6d8-428e-b8a1-c99d74a9ea72", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "79af7e20-fd58-4dc2-9313-a7003f0cb1f7", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "ALTERNATIVE", + "priority": 20, + "flowAlias": "Verify Existing Account by 
Re-authentication", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "84b80847-d734-442f-883f-cd24747cd878", + "alias": "Authentication Options", + "description": "Authentication options.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "basic-auth", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "basic-auth-otp", + "requirement": "DISABLED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-spnego", + "requirement": "DISABLED", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "77bfc179-e474-4d49-b748-b33964b27e41", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-otp-form", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "71a5e6cf-6bce-45f7-800c-4860fb6b8a0a", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "direct-grant-validate-otp", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": 
"18ab230f-b431-45f3-89d7-31712300a568", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-otp-form", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "0f2e4cab-b078-4833-9330-5ffbe055279b", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "REQUIRED", + "priority": 20, + "flowAlias": "Account verification options", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "4e9af401-af96-44b8-a5bc-d16462b3f366", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-otp", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "b31fb78e-fc01-4f55-a29b-87e31849dd7a", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "ALTERNATIVE", + "priority": 20, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "a016ba60-5add-4bb7-a077-843f58d1c333", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "CONDITIONAL", + "priority": 20, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "33b06dc1-001a-4621-81a3-1f7c0f20665a", + "alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "requirement": "ALTERNATIVE", 
+ "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-spnego", + "requirement": "DISABLED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "identity-provider-redirector", + "requirement": "ALTERNATIVE", + "priority": 25, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "ALTERNATIVE", + "priority": 30, + "flowAlias": "forms", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "50aa4aeb-3f2b-4fbc-996c-aab5951e3676", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-jwt", + "requirement": "ALTERNATIVE", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-secret-jwt", + "requirement": "ALTERNATIVE", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-x509", + "requirement": "ALTERNATIVE", + "priority": 40, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "aedd580b-9c1d-4c53-9c8f-447d6497b682", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "direct-grant-validate-password", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "CONDITIONAL", + 
"priority": 30, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "a1436eea-651b-4e9b-99b8-6b7c511b04b6", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "9a35d938-cf17-4601-aa4c-87324b86f830", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "REQUIRED", + "priority": 20, + "flowAlias": "User creation or linking", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "d75b41c7-a3cb-4f8e-96ff-47ea426e2bb6", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "CONDITIONAL", + "priority": 20, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "6e6c98a8-18f4-4ca6-bc58-da58d743f765", + "alias": "http challenge", + "description": "An authentication flow based on challenge-response HTTP Authentication 
Schemes", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "no-cookie-redirect", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "REQUIRED", + "priority": 20, + "flowAlias": "Authentication Options", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "ecf34725-8dbd-43b2-b5e9-20fe6964657a", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "requirement": "REQUIRED", + "priority": 10, + "flowAlias": "registration form", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "ec2cd88f-5511-4f7d-b6cf-c022cebca4ef", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "registration-profile-action", + "requirement": "REQUIRED", + "priority": 40, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "registration-password-action", + "requirement": "REQUIRED", + "priority": 50, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "registration-recaptcha-action", + "requirement": "DISABLED", + "priority": 60, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "93fff189-ed75-4326-a110-2aae42f59e91", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + 
"authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-credential-email", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-password", + "requirement": "REQUIRED", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "CONDITIONAL", + "priority": 40, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "76d4a83e-6fde-447c-9111-05bacfba27c0", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "e27c12d6-18ad-4c83-b601-8e3166242be3", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "4242993c-47b3-4357-9e8d-9864fcc0123a", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "terms_and_conditions", + "name": "Terms and Conditions", + "providerId": "terms_and_conditions", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + 
"config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "attributes": {}, + "keycloakVersion": "11.0.2", + "userManagedAccessAllowed": false + } +kind: ConfigMap +metadata: + name: keycloak-realm + labels: + app.kubernetes.io/name: keycloak + app.kubernetes.io/component: sso + app.kubernetes.io/instance: keycloak + app.kubernetes.io/part-of: tackle diff --git a/kubernetes/keycloak/db-deploy.yml b/kubernetes/keycloak/db-deploy.yml new file mode 100644 index 00000000..0f6b8164 --- /dev/null +++ b/kubernetes/keycloak/db-deploy.yml 
@@ -0,0 +1,82 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: keycloak-db
+ labels:
+ app.kubernetes.io/name: keycloak-db
+ app.kubernetes.io/version: "10.6"
+ app.kubernetes.io/component: database
+ app.kubernetes.io/instance: keycloak-db
+ app.kubernetes.io/part-of: tackle
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: keycloak-db
+ app.kubernetes.io/version: "10.6"
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: keycloak-db
+ app.kubernetes.io/version: "10.6"
+ spec:
+ volumes:
+ - name: keycloak-db-data
+ persistentVolumeClaim:
+ claimName: keycloak-db
+ containers:
+ - name: postgres
+ image: postgres:10.6
+ ports:
+ - containerPort: 5432
+ protocol: TCP
+ env:
+ - name: POSTGRES_USER
+ value: keycloak_username
+ - name: POSTGRES_PASSWORD
+ value: keycloak_password
+ - name: POSTGRES_DB
+ value: keycloak_db
+ resources: {}
+ livenessProbe:
+ exec:
+ command:
+ - "/bin/sh"
+ - "-c"
+ - "psql -U $POSTGRES_USER -d $POSTGRES_DB -c 'SELECT 1'"
+ initialDelaySeconds: 60
+ timeoutSeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ exec:
+ command:
+ - "/bin/sh"
+ - "-c"
+ - "psql -U $POSTGRES_USER -d $POSTGRES_DB -c 'SELECT 1'"
+ initialDelaySeconds: 10
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ terminationMessagePath: "/dev/termination-log"
+ terminationMessagePolicy: File
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - name: keycloak-db-data
+ mountPath: "/var/lib/db"
+ securityContext:
+ privileged: false
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
+ dnsPolicy: ClusterFirst
+ securityContext: {}
+ schedulerName: default-scheduler
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 25%
+ maxSurge: 25%
+ revisionHistoryLimit: 10
+ progressDeadlineSeconds: 600
diff --git a/kubernetes/keycloak/db-pvc.yml b/kubernetes/keycloak/db-pvc.yml
new file mode 100644
index 00000000..e2953ea7
--- /dev/null
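Review bot: `POSTGRES_PASSWORD` is set as a literal `value:` in the keycloak-db Deployment, so the database password is stored in the repository and is readable by anyone who can view the Deployment object. Take it from a Secret instead, e.g. `valueFrom:` / `secretKeyRef: {name: <secret-name>, key: <key>}` (both names are placeholders). The same applies to `DB_PASSWORD` in kubernetes/keycloak/deploy.yml, `POSTGRES_PASSWORD` in kubernetes/pathfinder/db-deploy.yml, and `QUARKUS_DATASOURCE_PASSWORD` and `QUARKUS_OIDC_CREDENTIALS_SECRET` in kubernetes/pathfinder/deploy.yml.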
+++ b/kubernetes/keycloak/db-pvc.yml
@@ -0,0 +1,16 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: keycloak-db
+ labels:
+ app.kubernetes.io/name: keycloak-db
+ app.kubernetes.io/component: database
+ app.kubernetes.io/instance: keycloak-db
+ app.kubernetes.io/part-of: tackle
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ volumeMode: Filesystem
\ No newline at end of file
diff --git a/kubernetes/keycloak/db-svc.yml b/kubernetes/keycloak/db-svc.yml
new file mode 100644
index 00000000..a05642ce
--- /dev/null
+++ b/kubernetes/keycloak/db-svc.yml
@@ -0,0 +1,21 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: keycloak-db
+ labels:
+ app.kubernetes.io/name: keycloak-db
+ app.kubernetes.io/version: '10.6'
+ app.kubernetes.io/component: database
+ app.kubernetes.io/instance: keycloak-db
+ app.kubernetes.io/part-of: tackle
+spec:
+ ports:
+ - name: tcp
+ protocol: TCP
+ port: 5432
+ targetPort: 5432
+ selector:
+ app.kubernetes.io/name: keycloak-db
+ app.kubernetes.io/version: '10.6'
+ type: ClusterIP
+ sessionAffinity: None
\ No newline at end of file
diff --git a/kubernetes/keycloak/deploy.yml b/kubernetes/keycloak/deploy.yml
new file mode 100644
index 00000000..29ac417e
--- /dev/null
+++ b/kubernetes/keycloak/deploy.yml
@@ -0,0 +1,72 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: keycloak
+ labels:
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/component: sso
+ app.kubernetes.io/instance: keycloak
+ app.kubernetes.io/part-of: tackle
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: keycloak
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: keycloak
+ spec:
+ volumes:
+ - name: config-volume
+ configMap:
+ name: keycloak-realm
+ containers:
+ - name: keycloak
+ image: quay.io/keycloak/keycloak:12.0.4
+ env:
+ - name: KEYCLOAK_USER
+ value: "admin"
+ - name: KEYCLOAK_PASSWORD
+ value: "admin"
+ - name: PROXY_ADDRESS_FORWARDING
+ value: "true"
+ - name: KEYCLOAK_IMPORT
+ value: /etc/config/konveyor-realm.json
+ - name: DB_VENDOR
+ value: postgres
+ - name: DB_ADDR
+ value: keycloak-db
+ - name: DB_DATABASE
+ value: keycloak_db
+ - name: DB_USER
+ value: keycloak_username
+ - name: DB_PASSWORD
+ value: keycloak_password
+ ports:
+ - name: http
+ containerPort: 8080
+ - name: https
+ containerPort: 8443
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/config
+ readinessProbe:
+ httpGet:
+ path: /auth/realms/master
+ port: 8080
+ initialDelaySeconds: 60
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 6
+ livenessProbe:
+ httpGet:
+ path: /auth/realms/master
+ port: 8080
+ initialDelaySeconds: 120
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 6
+ resources: {}
diff --git a/kubernetes/keycloak/svc.yml b/kubernetes/keycloak/svc.yml
new file mode 100644
index 00000000..e7f4b0d6
--- /dev/null
+++ b/kubernetes/keycloak/svc.yml
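Review bot: `KEYCLOAK_USER` and `KEYCLOAK_PASSWORD` are both `admin`, so the identity provider's admin account comes up with a guessable password on every cluster this manifest is applied to. Read both from a Secret that is generated per deployment (`valueFrom:` with a `secretKeyRef:`), and note in a comment that the password must be rotated after first start. `PROXY_ADDRESS_FORWARDING` is also `"true"`, which presumably makes Keycloak trust forwarded headers; a comment naming the proxy expected in front of the pod would help, since the `keycloak` Service exposes port 8080 directly.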
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: keycloak
+ labels:
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/component: sso
+ app.kubernetes.io/instance: keycloak
+ app.kubernetes.io/part-of: tackle
+spec:
+ ports:
+ - name: http
+ port: 8080
+ targetPort: 8080
+ selector:
+ app.kubernetes.io/name: keycloak
\ No newline at end of file
diff --git a/kubernetes/pathfinder/db-deploy.yml b/kubernetes/pathfinder/db-deploy.yml
new file mode 100644
index 00000000..8bfc92f2
--- /dev/null
+++ b/kubernetes/pathfinder/db-deploy.yml
@@ -0,0 +1,84 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: pathfinder-db
+ labels:
+ app.kubernetes.io/name: pathfinder-db
+ app.kubernetes.io/version: "10.6"
+ app.kubernetes.io/component: database
+ app.kubernetes.io/instance: pathfinder-db
+ app.kubernetes.io/part-of: tackle
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: pathfinder-db
+ app.kubernetes.io/version: "10.6"
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: pathfinder-db
+ app.kubernetes.io/version: "10.6"
+ spec:
+ volumes:
+ - name: pathfinder-db-data
+ persistentVolumeClaim:
+ claimName: pathfinder-db
+ containers:
+ - name: postgres
+ image: postgres:10.6
+ ports:
+ - containerPort: 5432
+ protocol: TCP
+ env:
+ - name: POSTGRES_USER
+ value: pathfinder_username
+ - name: POSTGRES_PASSWORD
+ value: pathfinder_password
+ - name: POSTGRES_DB
+ value: pathfinder_db
+ resources: {}
+ livenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - "-c"
+ - |
+ psql -U $POSTGRES_USER -d $POSTGRES_DB -c 'SELECT 1'
+ initialDelaySeconds: 60
+ timeoutSeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - "-c"
+ - |
+ psql -U $POSTGRES_USER -d $POSTGRES_DB -c 'SELECT 1'
+ initialDelaySeconds: 10
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ terminationMessagePath: "/dev/termination-log"
+ terminationMessagePolicy: File
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - name: pathfinder-db-data
+ mountPath: "/var/lib/db"
+ securityContext:
+ privileged: false
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
+ dnsPolicy: ClusterFirst
+ securityContext: {}
+ schedulerName: default-scheduler
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 25%
+ maxSurge: 25%
+ revisionHistoryLimit: 10
+ progressDeadlineSeconds: 600
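Review bot: The claim `pathfinder-db` is mounted at `/var/lib/db`, but the official postgres image keeps its data under `/var/lib/postgresql/data` unless `PGDATA` says otherwise, and the `env` list here does not set `PGDATA`. As written the database files would most likely land outside the claimed volume and be lost when the pod is replaced. Either mount the claim where the image writes, `mountPath: "/var/lib/postgresql/data"`, or add a `- name: PGDATA` entry whose `value:` is a directory under `/var/lib/db`. kubernetes/keycloak/db-deploy.yml has the same mount, which there would also drop the Keycloak realm and user data.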
diff --git a/kubernetes/pathfinder/db-pvc.yml b/kubernetes/pathfinder/db-pvc.yml
new file mode 100644
index 00000000..24e19733
--- /dev/null
+++ b/kubernetes/pathfinder/db-pvc.yml
@@ -0,0 +1,16 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: pathfinder-db
+ labels:
+ app.kubernetes.io/name: pathfinder-db
+ app.kubernetes.io/component: database
+ app.kubernetes.io/instance: pathfinder-db
+ app.kubernetes.io/part-of: tackle
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ volumeMode: Filesystem
\ No newline at end of file
diff --git a/kubernetes/pathfinder/db-svc.yml b/kubernetes/pathfinder/db-svc.yml
new file mode 100644
index 00000000..7e441cd5
--- /dev/null
+++ b/kubernetes/pathfinder/db-svc.yml
@@ -0,0 +1,21 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: pathfinder-db
+ labels:
+ app.kubernetes.io/name: pathfinder-db
+ app.kubernetes.io/version: "10.6"
+ app.kubernetes.io/component: database
+ app.kubernetes.io/instance: pathfinder-db
+ app.kubernetes.io/part-of: tackle
+spec:
+ ports:
+ - name: tcp
+ protocol: TCP
+ port: 5432
+ targetPort: 5432
+ selector:
+ app.kubernetes.io/name: pathfinder-db
+ app.kubernetes.io/version: "10.6"
+ type: ClusterIP
+ sessionAffinity: None
diff --git a/kubernetes/pathfinder/deploy.yml b/kubernetes/pathfinder/deploy.yml
new file mode 100644
index 00000000..18ed2de7
--- /dev/null
+++ b/kubernetes/pathfinder/deploy.yml
@@ -0,0 +1,77 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ prometheus.io/port: "8080"
+ prometheus.io/scheme: http
+ prometheus.io/scrape: "true"
+ prometheus.io/path: "/q/metrics"
+ labels:
+ app.kubernetes.io/component: rest
+ app.kubernetes.io/name: tackle-pathfinder
+ app.kubernetes.io/part-of: tackle
+ name: tackle-pathfinder
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: tackle-pathfinder
+ app.kubernetes.io/part-of: tackle
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: "8080"
+ prometheus.io/scheme: http
+ prometheus.io/scrape: "true"
+ prometheus.io/path: "/q/metrics"
+ labels:
+ app.kubernetes.io/component: rest
+ app.kubernetes.io/name: tackle-pathfinder
+ app.kubernetes.io/part-of: tackle
+ spec:
+ containers:
+ - env:
+ - name: KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: QUARKUS_DATASOURCE_USERNAME
+ value: pathfinder_username
+ - name: QUARKUS_DATASOURCE_PASSWORD
+ value: pathfinder_password
+ - name: QUARKUS_DATASOURCE_JDBC_URL
+ value: jdbc:postgresql://pathfinder-db:5432/pathfinder_db
+ - name: QUARKUS_OIDC_AUTH_SERVER_URL
+ value: http://keycloak:8080/auth/realms/konveyor
+ - name: QUARKUS_OIDC_CLIENT_ID
+ value: pathfinder-api
+ - name: QUARKUS_OIDC_CREDENTIALS_SECRET
+ value: secret
+ image: quay.io/konveyor/tackle-pathfinder:latest-native
+ imagePullPolicy: Always
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: "/pathfinder/q/health/live"
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 0
+ periodSeconds: 30
+ successThreshold: 1
+ timeoutSeconds: 10
+ name: tackle-pathfinder
+ ports:
+ - containerPort: 8080
+ name: http
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: "/pathfinder/q/health/ready"
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 0
+ periodSeconds: 30
+ successThreshold: 1
+ timeoutSeconds: 10
+ resources: {}
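Review bot: The container image is the mutable tag `quay.io/konveyor/tackle-pathfinder:latest-native` combined with `imagePullPolicy: Always`, so any pod restart can start running code that was never reviewed or tested against these manifests. Pin a release tag or a digest, e.g. `image: quay.io/konveyor/tackle-pathfinder@sha256:<digest>` (placeholder), and bump it deliberately. kubernetes/ui/deploy.yml does the same with `quay.io/konveyor/tackle-ui:main`.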
diff --git a/kubernetes/pathfinder/svc.yml b/kubernetes/pathfinder/svc.yml
new file mode 100644
index 00000000..5c4c3310
--- /dev/null
+++ b/kubernetes/pathfinder/svc.yml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ prometheus.io/scheme: http
+ prometheus.io/scrape: 'true'
+ prometheus.io/path: "/q/metrics"
+ prometheus.io/port: '8080'
+ labels:
+ app.kubernetes.io/name: tackle-pathfinder
+ app.kubernetes.io/part-of: tackle
+ app.kubernetes.io/component: rest
+ app.openshift.io/runtime: quarkus
+ name: tackle-pathfinder
+spec:
+ ports:
+ - name: http
+ port: 8080
+ targetPort: 8080
+ selector:
+ app.kubernetes.io/name: tackle-pathfinder
+ app.kubernetes.io/part-of: tackle
+ type: ClusterIP
\ No newline at end of file
diff --git a/kubernetes/ui/deploy.yml b/kubernetes/ui/deploy.yml
new file mode 100644
index 00000000..01ff74fe
--- /dev/null
+++ b/kubernetes/ui/deploy.yml
@@ -0,0 +1,75 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: tackle-ui
+ labels:
+ app.kubernetes.io/name: tackle-ui
+ app.kubernetes.io/component: ui
+ app.kubernetes.io/instance: tackle-ui
+ app.kubernetes.io/part-of: tackle
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: tackle-ui
+ app.kubernetes.io/instance: tackle-ui
+ app.kubernetes.io/part-of: tackle
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: tackle-ui
+ app.kubernetes.io/instance: tackle-ui
+ app.kubernetes.io/part-of: tackle
+ spec:
+ containers:
+ - name: tackle-ui
+ image: quay.io/konveyor/tackle-ui:main
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ - containerPort: 8443
+ protocol: TCP
+ env:
+ - name: CONTROLS_API_URL
+ value: "http://tackle-controls:8080"
+ - name: APPLICATION_INVENTORY_API_URL
+ value: "http://tackle-application-inventory:8080"
+ - name: PATHFINDER_API_URL
+ value: "http://tackle-pathfinder:8080"
+ - name: SSO_REALM
+ value: konveyor
+ - name: SSO_CLIENT_ID
+ value: tackle-ui
+ - name: SSO_SERVER_URL
+ value: "http://keycloak:8080"
+ livenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - "[ -f /run/nginx.pid ] && ps -A | grep nginx"
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ readinessProbe:
+ httpGet:
+ scheme: HTTP
+ path: /
+ port: 8080
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ resources: {}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ imagePullPolicy: Always
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
+ dnsPolicy: ClusterFirst
+ securityContext: {}
+ schedulerName: default-scheduler
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 25%
+ maxSurge: 25%
+ revisionHistoryLimit: 10
+ progressDeadlineSeconds: 600
diff --git a/kubernetes/ui/svc.yml b/kubernetes/ui/svc.yml
new file mode 100644
index 00000000..0aca5fb3
--- /dev/null
+++ b/kubernetes/ui/svc.yml
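Review bot: The only `securityContext` in the tackle-ui Deployment is the empty `securityContext: {}`, so the container runs as whatever user the image defaults to and privilege escalation stays allowed. Add a container-level block with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`, plus `runAsNonRoot: true` if the image supports an unprivileged user (not visible here; it listens on 8080, which suggests it might). The other Deployments in this commit are in the same state; the two database Deployments set only `privileged: false`. `resources: {}` likewise leaves the pod without requests or limits.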
@@ -0,0 +1,17 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: tackle-ui
+ labels:
+ app.kubernetes.io/name: tackle-ui
+ app.kubernetes.io/component: ui
+ app.kubernetes.io/instance: tackle-ui
+ app.kubernetes.io/part-of: tackle
+spec:
+ ports:
+ - name: 8080-tcp
+ protocol: TCP
+ port: 8080
+ targetPort: 8080
+ selector:
+ app.kubernetes.io/name: tackle-ui
\ No newline at end of file