# SDS API stack: PostgreSQL database and login, five Keycloak realms with
# their API clients and service-account groups, then the sds-api Deployment
# and its ClusterIP Service.
#
# NOTE(review): rebuilt from a whitespace-collapsed listing. Nesting is
# inferred from field order and the apparent schema of each kind; confirm the
# custom resources against the db-caretaker.dev and keycloak-configurator.rcs
# CRDs before applying.
---
apiVersion: db-caretaker.dev/v1alpha1
kind: Database
metadata:
  name: sds
spec:
  # NOTE(review): presumably deleting this object also drops the database;
  # confirm that is wanted in every environment this manifest is applied to.
  dropOnDelete: true
  name: sds
  serverRef:
    name: pg-common
    namespace: commons
---
apiVersion: db-caretaker.dev/v1alpha1
kind: DatabaseUser
metadata:
  name: sds-api
spec:
  databaseRef:
    name: sds
  login: sdsapi
  # NOTE(review): the API's runtime login is granted `dbowner`. If the
  # operator offers a narrower role, keep ownership for migrations only.
  role: dbowner
  # Secret and key that the Deployment below reads as DATABASE_URL.
  secret: sds-api-db-credentials
  secretConnectionStringKey: connectionString
  # Quoted so the braces and colons can never be re-typed by a YAML parser.
  secretConnectionStringFormat: "postgres://{login}:{password_urlsafe}@{server}:{port}/{database}"
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcRealm
metadata:
  name: sds-agents
spec:
  realm: sds-agents
  displayName: "SDS Agents"
  loginWithEmailAllowed: true
  bruteForceDetection:
    enabled: true
  # Presumably removes these account-console roles from the realm defaults.
  excludeDefaultRoles:
    - client: account
      name: manage-account
    - client: account
      name: view-profile
  roles:
    - name: "sds:admin"
    - name: "sds:agent"
    - name: "sds:helpdesk"
    - name: "sds:reporting"
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcClient
metadata:
  name: sds-agents-api
spec:
  realm: sds-agents
  clientId: sds-api
  name: SDS Api
  # Confidential client: it authenticates with a client secret.
  publicClient: false
  # NOTE(review): no redirectUris are listed here. If this client is only
  # used through its service account, the standard (authorization code) flow
  # can probably be switched off - confirm with the API's login paths.
  standardFlowEnabled: true
  serviceAccountsEnabled: true
  # The Deployment below reads keys `clientId` and `clientSecret` from a
  # Secret of this name.
  clientSecretName: sds-agents-api-client-credentials
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcGroup
metadata:
  name: sds-agents-api
spec:
  realm: sds-agents
  name: sds-api
  # NOTE(review): manage-realm and manage-clients let the API's service
  # account reconfigure the realm and its clients, so a leaked client secret
  # reaches realm administration. Grant only the realm-management roles the
  # API actually calls (user management may be all it needs - verify).
  clientRoles:
    realm-management:
      - manage-realm
      - manage-users
      - manage-clients
      - view-users
  # Quoted to match the role definitions in the KcRealm above.
  realmRoles:
    - "sds:admin"
  # Keycloak names a client's service-account user
  # `service-account-<clientId>`; this matches clientId `sds-api`.
  users:
    - service-account-sds-api
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcClient
metadata:
  name: sds-agents-ui
spec:
  realm: sds-agents
  clientId: sds-ui-admin
  name: SDS UI
  publicClient: true
  standardFlowEnabled: true
  # NOTE(review): a public client has no secret to authenticate with, so
  # serviceAccountsEnabled and clientSecretName look contradictory here.
  # Confirm what the operator does with them, or drop both.
  serviceAccountsEnabled: true
  clientSecretName: sds-agents-ui-client-credentials
  # NOTE(review): wildcard redirect URI on a public client with the standard
  # flow enabled. Keycloak will accept any redirect target, so authorization
  # responses are not bound to the UI. Replace with the exact UI URL(s),
  # e.g. "https://<ui-host>/*" (placeholder - the real host is not on this
  # page).
  redirectUris:
    - "*"
  # NOTE(review): "*" permits CORS requests from every origin; list the UI
  # origin(s) instead (Keycloak also accepts "+" to mirror redirectUris).
  webOrigins:
    - "*"
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcRealm
metadata:
  name: sds-third-parties
spec:
  realm: sds-third-parties
  displayName: "SDS Third Parties"
  loginWithEmailAllowed: true
  bruteForceDetection:
    enabled: true
  excludeDefaultRoles:
    - client: account
      name: manage-account
    - client: account
      name: view-profile
  roles:
    - name: "sds:administration"
    - name: "sds:standard"
    - name: "sds:third-parties"
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcClient
metadata:
  name: sds-third-parties-api
spec:
  realm: sds-third-parties
  clientId: sds-api
  name: SDS Api
  publicClient: false
  # Same open question as the sds-agents API client: standard flow is on but
  # no redirectUris are configured.
  standardFlowEnabled: true
  serviceAccountsEnabled: true
  clientSecretName: sds-third-parties-api-client-credentials
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcGroup
metadata:
  name: sds-third-parties-api
spec:
  realm: sds-third-parties
  name: sds-api
  # NOTE(review): same broad realm-management grant as in sds-agents; trim
  # to the roles the API uses.
  clientRoles:
    realm-management:
      - manage-realm
      - manage-users
      - manage-clients
      - view-users
  users:
    - service-account-sds-api
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcRealm
metadata:
  name: sds-customers
spec:
  realm: sds-customers
  displayName: "SDS Customers"
  loginWithEmailAllowed: true
  bruteForceDetection:
    enabled: true
  excludeDefaultRoles:
    - client: account
      name: manage-account
    - client: account
      name: view-profile
  roles:
    - name: "sds:admin"
    - name: "sds:customer"
    - name: "sds:ui"
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcClient
metadata:
  name: sds-customers-api
spec:
  realm: sds-customers
  clientId: sds-api
  name: SDS Api
  publicClient: false
  standardFlowEnabled: true
  serviceAccountsEnabled: true
  clientSecretName: sds-customers-api-client-credentials
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcGroup
metadata:
  name: sds-customers-api
spec:
  realm: sds-customers
  name: sds-api
  # NOTE(review): same broad realm-management grant as in sds-agents.
  clientRoles:
    realm-management:
      - manage-realm
      - manage-users
      - manage-clients
      - view-users
  users:
    - service-account-sds-api
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcRealm
metadata:
  name: sds-retailers
spec:
  realm: sds-retailers
  displayName: "SDS Retailers"
  loginWithEmailAllowed: true
  bruteForceDetection:
    enabled: true
  excludeDefaultRoles:
    - client: account
      name: manage-account
    - client: account
      name: view-profile
  roles:
    - name: "sds:retailer"
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcClient
metadata:
  name: sds-retailers-api
spec:
  realm: sds-retailers
  clientId: sds-api
  name: SDS Api
  publicClient: false
  standardFlowEnabled: true
  serviceAccountsEnabled: true
  clientSecretName: sds-retailers-api-client-credentials
---
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcGroup
metadata:
  name: sds-retailers-api
spec:
  realm: sds-retailers
  name: sds-api
  # NOTE(review): same broad realm-management grant as in sds-agents.
  clientRoles:
    realm-management:
      - manage-realm
      - manage-users
      - manage-clients
      - view-users
  users:
    - service-account-sds-api
---
# Realm only: this file defines no roles, clients or groups for sds-docs.
apiVersion: keycloak-configurator.rcs/v1alpha1
kind: KcRealm
metadata:
  name: sds-docs
spec:
  realm: sds-docs
  displayName: "SDS Docs"
  loginWithEmailAllowed: true
  bruteForceDetection:
    enabled: true
  excludeDefaultRoles:
    - client: account
      name: manage-account
    - client: account
      name: view-profile
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sds-api
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: sds-api
      app.kubernetes.io/name: sds-api
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: sds-api
        app.kubernetes.io/name: sds-api
    spec:
      # NOTE(review): neither a pod/container securityContext nor resource
      # requests/limits are set. Once it is confirmed that the image runs
      # unprivileged, add runAsNonRoot, allowPrivilegeEscalation: false and
      # dropped capabilities, plus requests/limits.
      containers:
        - name: api
          # NOTE(review): `latest` is a mutable tag and is re-pulled on every
          # start, so the running code is not pinned or auditable. Prefer an
          # immutable version tag or an image digest.
          image: registry.dev.k8s.transcity/sds/api:latest
          imagePullPolicy: Always
          env:
            - name: SERVER_PORT
              value: "3000"
            - name: EVENTS_TURNIT_ENABLED
              value: "false"
            - name: EVENTS_AZURE_ENABLED
              value: "false"
            - name: SDS_PUPPETEER_API_URL
              value: "http://sds-puppeteer:3000"
            - name: PRINT_REPORT_URL
              value: "http://sds-ui-admin:3000"
            - name: REDIS_HOST
              value: "valkey"
            # NOTE(review): basic-auth password committed inline and sent
            # over plain http. It is readable by anyone who can view this
            # file or the Deployment object. Move the URL into a Secret and
            # reference it with secretKeyRef, as DATABASE_URL does below,
            # and rotate the password.
            - name: ELASTICSEARCH_URL
              value: "http://elastic:GTRNZHCJTiGJ2CfY@elasticsearch-master:9200"
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: sds-api-db-credentials
                  key: connectionString
            - name: KEYCLOAK_URL
              value: "https://keycloak.alpha.k8s.transcity"
            - name: KEYCLOAK_AGENTS_REALM
              value: sds-agents
            - name: KEYCLOAK_AGENTS_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: sds-agents-api-client-credentials
                  key: clientId
            - name: KEYCLOAK_AGENTS_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: sds-agents-api-client-credentials
                  key: clientSecret
            # The PRINTER_* variables reuse the sds-agents API client
            # credentials rather than a dedicated client.
            - name: PRINTER_REALM
              value: sds-agents
            - name: PRINTER_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: sds-agents-api-client-credentials
                  key: clientId
            - name: PRINTER_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: sds-agents-api-client-credentials
                  key: clientSecret
            - name: KEYCLOAK_THIRD_PARTY_REALM
              value: sds-third-parties
            - name: KEYCLOAK_THIRD_PARTY_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: sds-third-parties-api-client-credentials
                  key: clientId
            - name: KEYCLOAK_THIRD_PARTY_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: sds-third-parties-api-client-credentials
                  key: clientSecret
            - name: KEYCLOAK_CUSTOMERS_REALM
              value: sds-customers
            - name: KEYCLOAK_CUSTOMERS_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: sds-customers-api-client-credentials
                  key: clientId
            - name: KEYCLOAK_CUSTOMERS_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: sds-customers-api-client-credentials
                  key: clientSecret
            - name: KEYCLOAK_RETAILERS_REALM
              value: sds-retailers
            - name: KEYCLOAK_RETAILERS_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: sds-retailers-api-client-credentials
                  key: clientId
            - name: KEYCLOAK_RETAILERS_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: sds-retailers-api-client-credentials
                  key: clientSecret
            # devstoreaccount1 with this key is the publicly documented
            # Azurite emulator account, not a tenant credential. Because the
            # key is public, the azurite endpoint must stay unreachable from
            # outside the cluster, and a real deployment needs its own
            # connection string delivered through a Secret.
            - name: AZ_STORAGE_CONNECTION_STRING
              value: "DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://azurite:10000/devstoreaccount1;"
            # Points Node at the CA file mounted under volumeMounts below.
            - name: NODE_EXTRA_CA_CERTS
              value: /etc/ssl/certs/ca-certificates.crt
          ports:
            - name: http
              containerPort: 3000
          # Ready once the in-container health endpoint answers.
          readinessProbe:
            exec:
              command:
                - "wget"
                - "-O"
                - "/dev/null"
                - "-q"
                - "http://127.0.0.1:3000/health"
            failureThreshold: 3
            initialDelaySeconds: 10
            periodSeconds: 5
            successThreshold: 1
            timeoutSeconds: 2
          volumeMounts:
            # Mounts key ca.crt over the image's system CA bundle path.
            # A subPath mount is not refreshed when the Secret changes, so a
            # CA rotation needs a pod restart.
            - name: root-ca-bundle
              mountPath: /etc/ssl/certs/ca-certificates.crt
              subPath: ca.crt
              readOnly: true
      volumes:
        - name: root-ca-bundle
          secret:
            secretName: root-ca-bundle
---
# In-cluster Service for the API; targetPort refers to the container port
# named `http` in the Deployment above.
apiVersion: v1
kind: Service
metadata:
  name: sds-api
spec:
  ports:
    - name: http
      port: 3000
      targetPort: http
  selector:
    app.kubernetes.io/instance: sds-api
    app.kubernetes.io/name: sds-api
  type: ClusterIP