init

Dockerfile

@@ -0,0 +1,19 @@
+FROM ansibleplaybookbundle/apb-base
+
+LABEL "com.redhat.apb.version"="0.1.0"
+LABEL "com.redhat.apb.spec"=\
+"bmFtZToga2V5Y2xvYWstYXBiCmltYWdlOiBwYnJvb2tlcy9rZXljbG9hay1hcGIKZGVzY3JpcHRp\
+b246IEtleWNsb2FrIC0gc2VjdXJlIGtleS92YWx1ZSBzdG9yZQpiaW5kYWJsZTogVHJ1ZQphc3lu\
+Yzogb3B0aW9uYWwKbWV0YWRhdGE6CiAgZGlzcGxheU5hbWU6IFBoaWxzIGtleWNsb2FrCnBsYW5z\
+OgogIC0gbmFtZTogZGVmYXVsdAogICAgZGVzY3JpcHRpb246IFRoaXMgZGVmYXVsdCBwbGFuIGRl\
+cGxveXMga2V5Y2xvYWstYXBiCiAgICBmcmVlOiBUcnVlCiAgICBtZXRhZGF0YToge30KICAgIHBh\
+cmFtZXRlcnM6IAogICAgLSBuYW1lOiBBRE1JTl9VU0VSTkFNRQogICAgICByZXF1aXJlZDogVHJ1\
+ZQogICAgICBkZWZhdWx0OiBhZG1pbgogICAgICB0eXBlOiBzdHJpbmcKICAgICAgdGl0bGU6IEtl\
+eWNsb2FrIGFkbWluIHVzZXJuYW1lCiAgICAtIG5hbWU6IEFETUlOX1BBU1NXT1JECiAgICAgIHJl\
+cXVpcmVkOiBUcnVlCiAgICAgIGRlZmF1bHQ6IGFkbWluCiAgICAgIHR5cGU6IHN0cmluZwogICAg\
+ICB0aXRsZTogS2V5Y2xvYWsgYWRtaW4gcGFzc3dvcmQ="
+
+COPY playbooks /opt/apb/actions
+COPY roles /opt/ansible/roles
+RUN chmod -R g=u /opt/{ansible,apb}
+USER apb

apb.yml

@@ -0,0 +1,23 @@
+name: keycloak-apb
+image: pbrookes/keycloak-apb
+description: Keycloak - secure key/value store
+bindable: True
+async: optional
+metadata:
+  displayName: Phils keycloak
+plans:
+  - name: default
+    description: This default plan deploys keycloak-apb
+    free: True
+    metadata: {}
+    parameters: 
+    - name: ADMIN_USERNAME
+      required: True
+      default: admin
+      type: string
+      title: Keycloak admin username
+    - name: ADMIN_PASSWORD
+      required: True
+      default: admin
+      type: string
+      title: Keycloak admin password

playbooks/deprovision.yml

@@ -0,0 +1,10 @@
+- name: keycloak-apb playbook to deprovision the application
+  hosts: localhost
+  gather_facts: false
+  connection: local
+  roles:
+  - role: ansible.kubernetes-modules
+    install_python_requirements: no
+  - role: ansibleplaybookbundle.asb-modules
+  - role: deprovision-keycloak-apb
+    playbook_debug: false

playbooks/provision.yml

@@ -0,0 +1,10 @@
+- name: keycloak-apb playbook to provision the application
+  hosts: localhost
+  gather_facts: false
+  connection: local
+  roles:
+  - role: ansible.kubernetes-modules
+    install_python_requirements: no
+  - role: ansibleplaybookbundle.asb-modules
+  - role: provision-keycloak-apb
+    playbook_debug: false

roles/deprovision-keycloak-apb/tasks/main.yml

@@ -0,0 +1,35 @@
+##############################################################################
+## Deprovision keycloak
+## This role executes much of the needed functionality to deprovision an
+## application using an Ansible Playbook Bundle and delete resources created
+## in the sample apb generated by the provision role.
+##############################################################################
+
+
+##############################################################################
+## Deprovision a route
+##############################################################################
+- openshift_v1_route:
+  name: keycloak
+  namespace: '{{ namespace }}'
+  state: absent
+
+
+##############################################################################
+## Deprovision a service
+##############################################################################
+- k8s_v1_service:
+  name: keycloak
+  namespace: '{{ namespace }}'
+  state: absent
+
+
+##############################################################################
+## Deprovision a deployment config
+## When removing a Deployment Config, OpenShift will automatically clean up
+## its associated resources like replication controllers and pods
+##############################################################################
+- openshift_v1_deployment_config:
+  name: keycloak
+  namespace: '{{ namespace }}'
+  state: absent

roles/provision-keycloak-apb/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+playbook_debug: no

roles/provision-keycloak-apb/tasks/main.yml

@@ -0,0 +1,96 @@
+##############################################################################
+## Provision keycloak
+## This role executes much of the needed functionality to provision an
+## application using an Ansible Playbook Bundle.  Included in the comments
+## below are some sample resources for getting started deploying an application
+## to OpenShift.
+##############################################################################
+
+
+##############################################################################
+## An OpenShift Origin deployment configuration provides a replication
+## controller, spins up pods, and also provides the ability to transition from
+## one deployment of an image to a new one.
+## https://docs.openshift.org/latest/architecture/core_concepts/deployments.html#deployments-and-deployment-configurations
+##############################################################################
+- name: create deployment config
+  openshift_v1_deployment_config:
+    name: keycloak
+    namespace: '{{ namespace }}'
+    labels:
+      app: keycloak
+      service: keycloak
+    replicas: 1
+    selector:
+      app: keycloak
+      service: keycloak
+    spec_template_metadata_labels:
+      app: keycloak
+      service: keycloak
+    containers:
+    - env:
+      - name: KEYCLOAK_USER
+        value: '{{ADMIN_USERNAME}}'
+      - name: KEYCLOAK_PASSWORD
+        value: '{{ADMIN_PASSWORD}}'
+      image: docker.io/jimmidyson/keycloak-openshift:2.5.4.Final # replace with your application image
+      name: keycloak
+      ports:
+      - container_port: 8080
+        protocol: TCP
+
+
+##############################################################################
+## A Kubernetes service serves as an internal load balancer.  It identifies a
+## set of replicated pods in order to proxy the connections it receives to them.
+## https://docs.openshift.org/latest/architecture/core_concepts/pods_and_services.html#services
+##############################################################################
+- name: create keycloak service
+  k8s_v1_service:
+    name: keycloak
+    namespace: '{{ namespace }}'
+    labels:
+      app: keycloak
+      service: keycloak
+    selector:
+      app: keycloak
+      service: keycloak
+    ports:
+      - name: web
+        port: 80
+        target_port: 8080
+
+
+##############################################################################
+## An OpenShift Origin route exposes a service at a host name, so that external
+## clients can reach it by name. Each route consists of a name, a service
+## selector, and an optional security configuration.
+## https://docs.openshift.org/latest/architecture/core_concepts/routes.html
+##############################################################################
+- name: create keycloak route
+  openshift_v1_route:
+    name: keycloak
+    namespace: '{{ namespace }}'
+    labels:
+      app: keycloak
+      service: keycloak
+    to_name: keycloak
+    spec_port_target_port: web
+
+# - name: create keycloak secret
+#   k8s_v1_secret:
+#     name: keycloak-auth
+#     namespace: '{{ namespace }}'
+#     labels:
+#       app: keycloak
+#       service: keycloak
+#     string_data:
+#       keycloak_admin_user: '{{ADMIN_USERNAME}}'
+#       keycloak_admin_pass: '{{ADMIN_PASSWORD}}'
+
+
+- name: encode bind credentials
+  asb_encode_binding:
+    fields:
+      keycloak_admin_user: '{{ADMIN_USERNAME}}'
+      keycloak_admin_pass: '{{ADMIN_PASSWORD}}'