feat: add CRC deployment

README.md

@@ -24,17 +24,21 @@ Use it as default:
 kubectl config set-context --current --namespace=trustify
 ```
 
-Install the infrastructure services:
+Evaluate the application domain:
 
 ```bash
 APP_DOMAIN=.$(minikube ip).nip.io
+```
+
+Install the infrastructure services:
+
+```bash
 helm upgrade --install --dependency-update -n trustify infrastructure charts/trustify-infrastructure --values values-minikube.yaml --set-string keycloak.ingress.hostname=sso$APP_DOMAIN --set-string appDomain=$APP_DOMAIN
 ```
 
 Then deploy the application:
 
 ```bash
-APP_DOMAIN=.$(minikube ip).nip.io
 helm upgrade --install -n trustify trustify charts/trustify --values values-minikube.yaml --set-string appDomain=$APP_DOMAIN
 ```
 
@@ -47,24 +51,50 @@ kind create cluster --config kind/config.yaml
 kubectl apply -f https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml
 ```
 
+The rest works like the `minikube` approach. The `APP_DOMAIN` is different though:
+
+```bash
+APP_DOMAIN=.$(kubectl get node kind-control-plane -o jsonpath='{.status.addresses[?(@.type == "InternalIP")].address}' | awk '// { print $1 }').nip.io
+```
+
+### CRC
+
+Create a new cluster:
+
+```bash
+crc start --cpus 8 --memory 32768 --disk-size 80
+```
+
 Create a new namespace:
 
 ```bash
-kubectl create ns trustify
+oc new-project trustify
 ```
 
-Use it as default:
+Evaluate the application domain:
 
 ```bash
-kubectl config set-context --current --namespace=trustify
+APP_DOMAIN=-trustify.$(oc -n openshift-ingress-operator get ingresscontrollers.operator.openshift.io default -o jsonpath='{.status.domain}')
 ```
 
-Install the infrastructure services:
+Provide the trust anchor:
 
 ```bash
-APP_DOMAIN=.$(kubectl get node kind-control-plane -o jsonpath='{.status.addresses[?(@.type == "InternalIP")].address}' | awk '// { print $1 }').nip.io
-helm upgrade --install --dependency-update -n trustify infrastructure charts/trustify-infrastructure --values values-minikube.yaml --set-string keycloak.ingress.hostname=sso$APP_DOMAIN --set-string appDomain=$APP_DOMAIN
-helm upgrade --install -n trustify trustify charts/trustify --values values-minikube.yaml --set-string appDomain=$APP_DOMAIN
+oc get secret -n openshift-ingress  router-certs-default -o go-template='{{index .data "tls.crt"}}' | base64 -d > tls.crt
+oc create configmap crc-trust-anchor --from-file=tls.crt -n trustify
+rm tls.crt
+```
+
+Deploy the infrastructure:
+
+```bash
+helm upgrade --install --dependency-update -n trustify infrastructure charts/trustify-infrastructure --values values-ocp-no-aws.yaml --set-string keycloak.ingress.hostname=sso$APP_DOMAIN --set-string appDomain=$APP_DOMAIN
+```
+
+Deploy the application:
+
+```bash
+helm upgrade --install -n trustify trustify charts/trustify --values values-ocp-no-aws.yaml --set-string appDomain=$APP_DOMAIN --values values-crc.yaml
 ```
 
 ## From a released chart

values-crc.yaml

@@ -0,0 +1,12 @@
+tls:
+  additionalTrustAnchor: /etc/trust-anchor/tls.crt
+
+extraVolumes:
+  - name: trust-anchor
+    configMap:
+      name: crc-trust-anchor
+
+extraVolumeMounts:
+  - name: trust-anchor
+    readOnly: true
+    mountPath: /etc/trust-anchor

values-ocp-no-aws.yaml

@@ -0,0 +1,87 @@
+appDomain: change-me
+
+ingress:
+  className: openshift-default
+
+storage:
+  filesystem:
+    size: 32Gi
+
+database:
+  host: infrastructure-postgresql
+  port: "5432"
+  name: trustify
+  username: trustify
+  password: trustify1234
+
+createDatabase:
+  name: postgres
+  username: postgres
+  password:
+    valueFrom:
+      secretKeyRef:
+        name: infrastructure-postgresql
+        key: postgres-password
+
+migrateDatabase:
+  username: postgres
+  password:
+    valueFrom:
+      secretKeyRef:
+        name: infrastructure-postgresql
+        key: postgres-password
+
+modules:
+  createDatabase:
+    enabled: true
+  migrateDatabase:
+    enabled: true
+
+## Infrastructure Charts
+
+keycloak:
+  enabled: true
+  production: true
+  proxy: reencrypt
+  podSecurityContext:
+    enabled: false
+  containerSecurityContext:
+    enabled: false
+  auth:
+    adminUser: admin
+    adminPassword: admin123456 # notsecret
+  tls:
+    enabled: true
+    existingSecret: sso-tls
+    usePem: true
+  service:
+    annotations:
+      service.beta.openshift.io/serving-cert-secret-name: sso-tls
+  ingress:
+    enabled: true
+    ingressClassName: openshift-default
+    servicePort: https
+    annotations:
+      route.openshift.io/termination: reencrypt
+  postgresql:
+    primary:
+      containerSecurityContext:
+        enabled: false
+      podSecurityContext:
+        enabled: false
+
+postgresql:
+  enabled: false # see remark in Chart.yaml
+
+oidc:
+  clients:
+    frontend: { }
+    walker:
+      clientSecret:
+        value: 5460cc91-4e20-4edd-881c-b15b169f8a79 # notsecret
+    testingUser:
+      clientSecret:
+        value: 0e6bf990-43b4-4efb-95d7-b24f2b94a525 # notsecret
+    testingManager:
+      clientSecret:
+        value: ca48053c-3b82-4650-a98d-4cace7f2d567 # notsecret