Put keycloak contianers in the pod

NeuraLegion · Jan 22, 2024 · a18f54c · a18f54c
1 parent da6cf24
commit a18f54c
Show file tree

Hide file tree

Showing 9 changed files with 120 additions and 127 deletions.
diff --git a/charts/brokencrystals/Chart.yaml b/charts/brokencrystals/Chart.yaml
@@ -4,7 +4,7 @@ description: |
   Benchmark application that uses modern technologies and implements a set of
   common security vulnerabilities
 type: application
-version: 0.0.32
+version: 0.0.34
 keywords:
   - brokencrystals-exp
   - brkn-e
diff --git a/charts/brokencrystals/templates/bc-prod-deployment.yaml b/charts/brokencrystals/templates/bc-prod-deployment.yaml
@@ -21,58 +21,11 @@ spec:
         - ip: "127.0.0.1"
           hostnames:
             - "postgres"
+            - "keycloak-postgres"
             - "keycloak"
             - "nodejs"
             - "proxy"
       containers:
-        - name: nodejs
-          image: brightsec/brokencrystals:{{ .Values.images.main }}
-          env:
-            - name: URL
-              value: "https://{{ .Values.ingress.url }}"
-            - name: DATABASE_HOST
-              value: "postgres"
-            - name: DATABASE_SCHEMA
-              value: "bc"
-            - name: DATABASE_USER
-              value: "bc"
-            - name: DATABASE_PASSWORD
-              value: "bc"
-            - name: DATABASE_PORT
-              value: "5432"
-            - name: DATABASE_DEBUG
-              value: "true"
-            - name: AWS_BUCKET
-              value: "https://neuralegion-open-bucket.s3.amazonaws.com"
-            - name: GOOGLE_MAPS_API
-              value: "AIzaSyD2wIxpYCuNI0Zjt8kChs2hLTS5abVQfRQ"
-            - name: JWT_PRIVATE_KEY_LOCATION
-              value: "config/keys/jwtRS256.key"
-            - name: JWT_PUBLIC_KEY_LOCATION
-              value: "config/keys/jwtRS256.key.pub.pem"
-            - name: JWT_SECRET_KEY
-              value: "1234"
-            - name: JWK_PRIVATE_KEY_LOCATION
-              value: "config/keys/jwk.key.pem"
-            - name: JWK_PUBLIC_KEY_LOCATION
-              value: "config/keys/jwk.pub.key.pem"
-            - name: JWK_PUBLIC_JSON 
-              value: "config/keys/jwk.pub.json"
-            - name: JKU_URL
-              value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/jku.json"
-            - name: X5U_URL
-              value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/x509.crt"
-          resources:
-            requests:
-              cpu: 500m
-              memory: 1024Mi
-          livenessProbe:
-            httpGet:
-              path: /api/config
-              port: 3000
-              scheme: HTTP
-            initialDelaySeconds: 120
-            periodSeconds: 30
         - name: postgres
           image: postgres
           livenessProbe:
@@ -97,6 +50,32 @@ spec:
             subPath: pg.sql
             readOnly: true       
 
+        - name: keycloak-postgres
+          image: postgres:12.2-alpine
+          ports:
+            - containerPort: 5433
+          livenessProbe:
+            tcpSocket:
+              port: 5433
+            initialDelaySeconds: 60
+            periodSeconds: 30
+          env:
+            - name: POSTGRES_DB
+              value: "keycloak"
+            - name: POSTGRES_USER
+              value: "keycloak"
+            - name: POSTGRES_PASSWORD
+              value: "password"
+          resources:
+            requests:
+              cpu: 100m
+              memory: 50Mi          
+          volumeMounts:
+          - name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres
+            mountPath: /usr/local/share/postgresql/postgresql.conf.sample
+            subPath: postgresql.conf.sample
+            readOnly: true
+
         - name: keycloak
           image: jboss/keycloak:latest
           resources:
@@ -114,7 +93,9 @@ spec:
             - name: DB_VENDOR
               value: "POSTGRES"
             - name: DB_ADDR
-              value: "{{ include "brokencrystals.fullname" . }}-keycloak-postgres"
+              value: "keycloak-postgres"
+            - name: DB_PORT
+              value: "5433"
             - name: DB_DATABASE
               value: "keycloak"
             - name: DB_SCHEMA
@@ -136,6 +117,56 @@ spec:
             mountPath: /opt/jboss/keycloak/imports/realm-export.json
             subPath: realm-export.json
             readOnly: true
+
+        - name: nodejs
+          image: brightsec/brokencrystals:{{ .Values.images.main }}
+          env:
+            - name: URL
+              value: "https://{{ .Values.ingress.url }}"
+            - name: DATABASE_HOST
+              value: "postgres"
+            - name: DATABASE_SCHEMA
+              value: "bc"
+            - name: DATABASE_USER
+              value: "bc"
+            - name: DATABASE_PASSWORD
+              value: "bc"
+            - name: DATABASE_PORT
+              value: "5432"
+            - name: DATABASE_DEBUG
+              value: "true"
+            - name: AWS_BUCKET
+              value: "https://neuralegion-open-bucket.s3.amazonaws.com"
+            - name: GOOGLE_MAPS_API
+              value: "AIzaSyD2wIxpYCuNI0Zjt8kChs2hLTS5abVQfRQ"
+            - name: JWT_PRIVATE_KEY_LOCATION
+              value: "config/keys/jwtRS256.key"
+            - name: JWT_PUBLIC_KEY_LOCATION
+              value: "config/keys/jwtRS256.key.pub.pem"
+            - name: JWT_SECRET_KEY
+              value: "1234"
+            - name: JWK_PRIVATE_KEY_LOCATION
+              value: "config/keys/jwk.key.pem"
+            - name: JWK_PUBLIC_KEY_LOCATION
+              value: "config/keys/jwk.pub.key.pem"
+            - name: JWK_PUBLIC_JSON 
+              value: "config/keys/jwk.pub.json"
+            - name: JKU_URL
+              value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/jku.json"
+            - name: X5U_URL
+              value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/x509.crt"
+          resources:
+            requests:
+              cpu: 500m
+              memory: 1024Mi
+          livenessProbe:
+            httpGet:
+              path: /api/config
+              port: 3000
+              scheme: HTTP
+            initialDelaySeconds: 120
+            periodSeconds: 30
+
         - name: proxy
           image: neuralegion/brokencrystals-proxy-http:{{ .Values.images.client }}
           env:
@@ -195,21 +226,12 @@ spec:
       - name: {{ include "brokencrystals.fullname" . }}-postgres
         configMap:
           name: {{ include "brokencrystals.fullname" . }}-postgres
+      - name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres
+        configMap:
+          name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres
       - name: {{ include "brokencrystals.fullname" . }}-keycloak
         configMap:
           name: {{ include "brokencrystals.fullname" . }}-keycloak
       - name: {{ include "brokencrystals.fullname" . }}-nginx-proxy
         configMap:
           name: {{ include "brokencrystals.fullname" . }}-nginx-proxy
----
-kind: Service
-apiVersion: v1
-metadata:
-  name: {{ .Release.Name }}
-spec:
-  selector:
-    app: {{ .Release.Name }}
-  ports:
-    - port: 80
-      protocol: TCP
-      targetPort: 80
diff --git a/charts/brokencrystals/templates/config-keycloak-postgres.yaml b/charts/brokencrystals/templates/config-keycloak-postgres.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "brokencrystals.fullname" . }}-keycloak-postgres
+  namespace: {{ .Release.Namespace }}
+data:
+  postgresql.conf.sample: |
+    listen_addresses = '*'
+    port = 5433
diff --git a/...rystals/templates/nginx-proxy-config.yaml → ...rokencrystals/templates/config-proxy.yaml b/...rystals/templates/nginx-proxy-config.yaml → ...rokencrystals/templates/config-proxy.yaml
diff --git a/charts/brokencrystals/templates/ingress.yaml b/charts/brokencrystals/templates/ingress.yaml
@@ -54,6 +54,6 @@ spec:
             pathType: Prefix
             backend:
               service:
-                name: {{ .Release.Name }}-keycloak-keycloak
+                name: {{ .Release.Name }}-keycloak
                 port:
                   number: 8080
diff --git a/charts/brokencrystals/templates/keycloak-deployment.yaml b/charts/brokencrystals/templates/keycloak-deployment.yaml
diff --git a/charts/brokencrystals/templates/keycloak-postgres-deployment.yaml b/charts/brokencrystals/templates/keycloak-postgres-deployment.yaml
diff --git a/charts/brokencrystals/templates/service.yaml b/charts/brokencrystals/templates/service.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}
+spec:
+  selector:
+    app: {{ .Release.Name }}
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 80
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-keycloak
+spec:
+  selector:
+    app: {{ .Release.Name }}
+  ports:
+  - protocol: TCP
+    port: 8080
+    targetPort: 8080
+
diff --git a/charts/brokencrystals/values.yaml b/charts/brokencrystals/values.yaml
@@ -3,5 +3,5 @@ ingress:
   cert: ""
   authlevel: "."
 images: 
-  main: experimental
+  main: latest
   client: latest