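---
# OIDC debugging client ("debugger"), deployed in the keycloak namespace.
# Four resources: Ingress -> Service -> Deployment, plus the ExternalSecret
# that materialises the client credentials the Deployment reads.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: debugger
  namespace: keycloak
spec:
  ingressClassName: haproxy
  # NOTE(review): no `tls:` section is declared, while OIDC_ROOT_URL below is
  # an https:// URL. HTTPS therefore depends on how the haproxy ingress class
  # is configured (default certificate or similar); confirm the host is not
  # served over plain HTTP.
  # NOTE(review): this publishes a debugging tool on a routable host name.
  # Consider restricting who can reach it, or removing the Ingress when the
  # debugger is not in use.
  rules:
    - host: debug.werts.us
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: debugger
                port:
                  number: 9009
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: keycloak
  name: debugger
spec:
  replicas: 1
  selector:
    matchLabels:
      app: debugger
  template:
    metadata:
      labels:
        app: debugger
    spec:
      # The pod spec shows no need for Kubernetes API access, so the service
      # account token is not mounted into the container.
      automountServiceAccountToken: false
      containers:
        # NOTE(review): `:latest` is a mutable tag, so the running code can
        # change on any pod restart. Pin a version tag or an image digest
        # (image@sha256:<digest>) once a known-good build is chosen.
        - image: beryju/oidc-test-client:latest
          name: debugger
          # Baseline hardening. The container listens on 9009, an
          # unprivileged port, so no capability is needed to bind it.
          # NOTE(review): runAsNonRoot and readOnlyRootFilesystem are left
          # unset because the image's user and write paths are not visible
          # here; enable them after checking the image.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          env:
            - name: OIDC_DO_REFRESH
              value: "false"
            - name: OIDC_DO_INTROSPECTION
              value: "false"
            # Client credentials come from the Secret that the ExternalSecret
            # at the end of this file creates; they are never inlined here.
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: debugger-oidc-secret
                  key: id
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: debugger-oidc-secret
                  key: secret
            - name: OIDC_PROVIDER
              value: 'https://auth.werts.us/realms/werts'
            # Must match the Ingress host above.
            - name: OIDC_ROOT_URL
              value: 'https://debug.werts.us/'
          ports:
            - containerPort: 9009
              name: http
              protocol: TCP
      restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
  name: debugger
  namespace: keycloak
spec:
  # ClusterIP only: external traffic reaches the pod through the Ingress.
  ports:
    - port: 9009
      protocol: TCP
      targetPort: 9009
  selector:
    app: debugger
  type: ClusterIP
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: debugger-oidc-secret
  namespace: keycloak
spec:
  # Each entry copies one property of the same remote item into a key of the
  # target Secret. The remote key is quoted because it contains " - ".
  data:
    - remoteRef:
        key: 'oidc client - debugger'
        property: username
      secretKey: id
    - remoteRef:
        key: 'oidc client - debugger'
        property: password
      secretKey: secret
    # NOTE(review): discovery_url is synced into the Secret, but the
    # Deployment in this file sets OIDC_PROVIDER to a literal URL and never
    # reads this key. Either consume it or drop it to keep the Secret minimal.
    - remoteRef:
        key: 'oidc client - debugger'
        property: discovery_url
      secretKey: discovery_url
  refreshInterval: 60s
  secretStoreRef:
    kind: ClusterSecretStore
    name: bitwarden
  target:
    name: debugger-oidc-secret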