Renovate Bot
483969ac99
Some checks failed
Terraform CI/CD / Terraform Format, Validate, Lint, Scan (pull_request) Successful in 2m8s
Terraform CI/CD / Terraform Plan (pull_request) Failing after 57s
Terraform CI/CD / Terraform Apply (pull_request) Has been skipped
Terraform CI/CD / Terraform Format, Validate, Lint, Scan (push) Successful in 1m10s
Terraform CI/CD / Terraform Plan (push) Has been skipped
Terraform CI/CD / Terraform Apply (push) Successful in 45s
96 lines
2.1 KiB
HCL
96 lines
2.1 KiB
HCL
job "keycloak" {
|
|
|
|
group "keycloak" {
|
|
|
|
network {
|
|
mode = "bridge"
|
|
port "http" {
|
|
to = 8080
|
|
}
|
|
port "envoy_metrics" {
|
|
to = 9102
|
|
}
|
|
}
|
|
|
|
service {
|
|
provider = "consul"
|
|
port = "8080"
|
|
|
|
meta {
|
|
envoy_metrics_port = "${NOMAD_HOST_PORT_envoy_metrics}"
|
|
}
|
|
|
|
connect {
|
|
sidecar_service {
|
|
proxy {
|
|
config {
|
|
protocol = "http"
|
|
}
|
|
expose {
|
|
path {
|
|
path = "/metrics"
|
|
protocol = "http"
|
|
local_path_port = 9102
|
|
listener_port = "envoy_metrics"
|
|
}
|
|
}
|
|
transparent_proxy {}
|
|
}
|
|
}
|
|
}
|
|
|
|
tags = [
|
|
"traefik.enable=true",
|
|
|
|
"traefik.http.routers.keycloak.rule=Host(`sso.brmartin.co.uk`)",
|
|
"traefik.http.routers.keycloak.entrypoints=websecure",
|
|
"traefik.consulcatalog.connect=true",
|
|
]
|
|
}
|
|
|
|
task "keycloak" {
|
|
driver = "docker"
|
|
|
|
config {
|
|
image = "quay.io/keycloak/keycloak:26.2.5"
|
|
|
|
args = ["start"]
|
|
}
|
|
|
|
env = {
|
|
KC_DB = "postgres"
|
|
KC_DB_USERNAME = "keycloak"
|
|
KC_DB_URL_HOST = "martinibar.lan"
|
|
KC_DB_URL_PORT = "5433"
|
|
KC_DB_URL_PROPERTIES = "?sslmode=disable"
|
|
KC_DB_URL_DATABASE = "keycloak"
|
|
KC_HTTP_ENABLED = "true"
|
|
KC_PROXY_HEADERS = "xforwarded"
|
|
KC_HTTP_HOST = "127.0.0.1"
|
|
KC_HOSTNAME = "sso.brmartin.co.uk"
|
|
JAVA_OPTS_KC_HEAP = "-Xms200m -Xmx200m"
|
|
}
|
|
|
|
resources {
|
|
cpu = 500
|
|
memory = 250
|
|
memory_max = 1024
|
|
}
|
|
|
|
template {
|
|
data = <<-EOF
|
|
{{ with nomadVar "nomad/jobs/keycloak/keycloak/keycloak" }}
|
|
KC_DB_PASSWORD={{.keycloak_db_password}}
|
|
{{ end }}
|
|
EOF
|
|
|
|
destination = "secrets/file.env"
|
|
env = true
|
|
}
|
|
}
|
|
|
|
meta = {
|
|
"service.name" = "keycloak"
|
|
}
|
|
}
|
|
}
|