chore(keyclok): switch to using a secret for admin credentials, try to use Postgres instead of SQLite

apps/keycloak/base/keycloak.yaml

@@ -1,4 +1,14 @@
 apiVersion: v1
+data:
+  password: YkJiNXU3NXRaYUR0ZHVudw==
+  username: YWRtaW4=
+kind: Secret
+metadata:
+  name: keycloak-admin
+type: kubernetes.io/basic-auth
+
+---
+apiVersion: v1
 kind: Service
 metadata:
   name: keycloak
@@ -12,6 +22,7 @@ spec:
   selector:
     app: keycloak
   type: LoadBalancer
+
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -35,11 +46,47 @@ spec:
           args: ["start-dev"]
           env:
             - name: KEYCLOAK_ADMIN
-              value: "admin"
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: keycloak-admin
             - name: KEYCLOAK_ADMIN_PASSWORD
-              value: "bBb5u75tZaDtdunw"
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: keycloak-admin
             - name: KC_PROXY
               value: "edge"
+            - name: KC_HEALTH_ENABLED
+              value: "true"
+            - name: KC_METRICS_ENABLED
+              value: "true"
+            - name: KC_HOSTNAME_STRICT_HTTPS
+              value: "true"
+            - name: KC_LOG_LEVEL
+              value: INFO
+            - name: KC_DB
+              value: postgres
+            - name: POSTGRES_DB
+              valueFrom:
+                secretKeyRef:
+                  name: keycloak-app
+                  key: username
+            - name: KC_DB_URL
+              valueFrom:
+                secretKeyRef:
+                  name: keycloak-app
+                  key: jdbc-uri
+            - name: KC_DB_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: keycloak-app
+                  key: username
+            - name: KC_DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: keycloak-app
+                  key: password
           ports:
             - name: http
               containerPort: 8080

apps/keycloak/base/pg.yaml

@@ -1,9 +1,57 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: backup-creds
+data:
+  ACCESS_KEY_ID: a2V5X2lk
+  ACCESS_SECRET_KEY: c2VjcmV0X2tleQ==
+
+---
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
-  name: keycloak
+  name: keycloak-pg-cluster
 spec:
   instances: 1
 
   storage:
     size: 1Gi
+
+  bootstrap:
+    initdb:
+      database: keycloak
+
+  # enableSuperuserAccess: true
+
+  # backup:
+  #   barmanObjectStore:
+  #     destinationPath: s3://cluster-example-full-backup/
+  #     endpointURL: http://custom-endpoint:1234
+  #     s3Credentials:
+  #       accessKeyId:
+  #         name: backup-creds
+  #         key: ACCESS_KEY_ID
+  #       secretAccessKey:
+  #         name: backup-creds
+  #         key: ACCESS_SECRET_KEY
+  #     wal:
+  #       compression: gzip
+  #       encryption: AES256
+  #     data:
+  #       compression: gzip
+  #       encryption: AES256
+  #       immediateCheckpoint: false
+  #       jobs: 2
+  #   retentionPolicy: "30d"
+
+  # resources:
+  #   requests:
+  #     memory: "512Mi"
+  #     cpu: "1"
+  #   limits:
+  #     memory: "1Gi"
+  #     cpu: "2"
+
+  # affinity:
+  #   enablePodAntiAffinity: true
+  #   topologyKey: failure-domain.beta.kubernetes.io/zone