titan-iac/services/keycloak/NOTES.md

# services/keycloak

Keycloak is deployed via raw manifests and backed by the shared Postgres (`postgres-service.postgres.svc.cluster.local:5432`). Create these secrets before applying:

```bash
# DB creds (per-service DB/user in shared Postgres)
kubectl -n sso create secret generic keycloak-db \
  --from-literal=username=keycloak \
  --from-literal=password='<DB_PASSWORD>' \
  --from-literal=database=keycloak

# Admin console creds (maps to KC admin user)
kubectl -n sso create secret generic keycloak-admin \
  --from-literal=username=brad@bstein.dev \
  --from-literal=password='<ADMIN_PASSWORD>'
```

Apply:

```bash
kubectl apply -k services/keycloak
```

Notes
- Service: `keycloak.sso.svc:80` (Ingress `sso.bstein.dev`, TLS via cert-manager).
- Uses Postgres schema `public`; DB/user should be provisioned in the shared Postgres instance.
- Health endpoints on :9000 are wired for probes.
restore readmes removed in last commit 2025-12-13 03:57:44 -03:00			`# services/keycloak`

			Keycloak is deployed via raw manifests and backed by the shared Postgres (`postgres-service.postgres.svc.cluster.local:5432`). Create these secrets before applying:

			```bash
			`# DB creds (per-service DB/user in shared Postgres)`
			`kubectl -n sso create secret generic keycloak-db \`
			`--from-literal=username=keycloak \`
			`--from-literal=password='<DB_PASSWORD>' \`
			`--from-literal=database=keycloak`

			`# Admin console creds (maps to KC admin user)`
			`kubectl -n sso create secret generic keycloak-admin \`
			`--from-literal=username=brad@bstein.dev \`
			`--from-literal=password='<ADMIN_PASSWORD>'`
			```

			`Apply:`

			```bash
			`kubectl apply -k services/keycloak`
			```

			`Notes`
			- Service: `keycloak.sso.svc:80` (Ingress `sso.bstein.dev`, TLS via cert-manager).
			- Uses Postgres schema `public`; DB/user should be provisioned in the shared Postgres instance.
			`- Health endpoints on :9000 are wired for probes.`