feat: quarkus keycloak chart (#47)
* feat: initial working version of deployment for kc

* feat: new readiness and health check

* feat: grant permissions to public schema

* feat: extraEnvs and route path rewrite

* feat: revert route path rewrite

* chore: create the new chart number

* chore: update the values file to have correct images

* chore: update patroni version

* chore: change the base image tag

---------

Co-authored-by: Nithin Shekar Kuruba <nithinshekar.kuruba@gov.bc.ca>
thegentlemanphysicist and NithinKuruba authored Jul 8, 2024
1 parent 236924d commit 51f8893
Showing 4 changed files with 43 additions and 27 deletions.
6 changes: 3 additions & 3 deletions charts/keycloak/Chart.yaml
@@ -1,11 +1,11 @@
apiVersion: v1
name: sso-keycloak
version: 1.15.2
appVersion: 7.6.39-build.1
version: 1.16.0
appVersion: 24.0.5-build.1
description: Open Source Identity and Access Management For Modern Applications and Services
dependencies:
- name: patroni
version: 1.5.2
version: 1.6.0
repository: https://bcgov.github.io/sso-helm-charts
tags:
- patroni-enabled
47 changes: 28 additions & 19 deletions charts/keycloak/templates/deployment.yaml
@@ -1,5 +1,4 @@
{{- $configDir := "/opt/eap/standalone/configuration" -}}

apiVersion: apps/v1
kind: Deployment
metadata:
@@ -55,15 +54,18 @@ spec:
resources:
{{- toYaml .Values.resources | nindent 12 }}
command: ["/bin/sh", "-c"]
# args:
# - |
# base_config={{ $configDir }}-provisioning/standalone-openshift.xml
# target_config={{ $configDir }}/standalone-openshift.xml
# if [[ -f "$base_config" ]]; then
# rm "$target_config"
# cp "$base_config" "$target_config"
# fi;
# /opt/keycloak/bin/kc.sh;
args:
- |
base_config={{ $configDir }}-provisioning/standalone-openshift.xml
target_config={{ $configDir }}/standalone-openshift.xml
if [[ -f "$base_config" ]]; then
rm "$target_config"
cp "$base_config" "$target_config"
fi;
/opt/eap/bin/openshift-launch.sh;
/opt/keycloak/bin/kc.sh start
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
{{- if eq .Values.livenessProbe.verification "script"}}
@@ -74,7 +76,7 @@ spec:
- timeout 60 /opt/eap/bin/livenessProbe.sh
{{- else }}
httpGet:
path: /auth/realms/master/.well-known/openid-configuration
path: /auth/health/live
port: 8080
{{- end -}}
{{ (omit .Values.livenessProbe "enabled" "verification") | toYaml | nindent 12 }}
@@ -90,7 +92,7 @@ spec:
- timeout 60 /opt/eap/bin/readinessProbe.sh
{{- else }}
httpGet:
path: /auth/realms/master/.well-known/openid-configuration
path: /auth/health/ready
port: 8080
{{- end -}}
{{ (omit .Values.readinessProbe "enabled" "verification") | toYaml | nindent 12 }}
@@ -110,12 +112,12 @@ spec:
protocol: TCP
env:
# Postgres Service Endpoint
- name: DB_POSTGRESQL_SERVICE_HOST
value: {{ .Values.postgres.host }}
- name: DB_POSTGRESQL_SERVICE_PORT
value: {{ .Values.postgres.port | quote }}
- name: KC_DB
value: postgres
- name: KC_DB_URL
value: {{ printf "jdbc:postgresql://%s:%d/%s" .Values.postgres.host (.Values.postgres.port | int) .Values.postgres.database | quote}}
# DB Credentials
- name: DB_USERNAME
- name: KC_DB_USERNAME
{{- if and .Values.postgres.credentials.secret .Values.postgres.credentials.usernameKey }}
valueFrom:
secretKeyRef:
@@ -124,7 +126,7 @@ spec:
{{- else -}}
value: {{ .Values.postgres.credentials.username }}
{{- end }}
- name: DB_PASSWORD
- name: KC_DB_PASSWORD
{{- if and .Values.postgres.credentials.secret .Values.postgres.credentials.passwordKey }}
valueFrom:
secretKeyRef:
@@ -133,15 +135,15 @@ spec:
{{- else -}}
value: {{ .Values.postgres.credentials.password }}
{{- end }}
- name: DB_DATABASE
- name: KC_DB_URL_DATABASE
value: {{ .Values.postgres.database }}
# DB Admin Credentials
- name: SSO_ADMIN_USERNAME
- name: KEYCLOAK_ADMIN
valueFrom:
secretKeyRef:
name: {{ include "sso-keycloak.fullname" . }}-admin
key: username
- name: SSO_ADMIN_PASSWORD
- name: KEYCLOAK_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "sso-keycloak.fullname" . }}-admin
@@ -180,6 +182,13 @@ spec:
value: db-postgresql=DB
- name: TZ
value: America/Vancouver
- name: KC_HOSTNAME_STRICT_HTTPS
value: "true"
- name: KC_HTTP_RELATIVE_PATH
value: "/auth"
{{ with .Values.extraEnvs }}
{{- toYaml . | nindent 12 }}
{{ end }}
volumeMounts:
{{- if .Values.tls.enabled }}
- mountPath: /etc/x509/https
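Review bot: The `{{- else -}}` fallbacks under `KC_DB_USERNAME` and `KC_DB_PASSWORD` still render `.Values.postgres.credentials.username` and `.password` as unquoted literal `value:` entries, so an install without `postgres.credentials.secret` puts the database password in the Deployment spec and in the stored Helm release, where anyone with read access to those objects can see it. I would make the Secret mandatory, or at minimum write `value: {{ .Values.postgres.credentials.password | quote }}` so an all-digit or boolean-looking password is not retyped by YAML; `KC_DB_URL_DATABASE` has the same unquoted `value: {{ .Values.postgres.database }}` while `KC_DB_URL` is quoted. The commented-out `args` block that appears to be added here is still evaluated by Helm, because the `{{ $configDir }}` actions inside the `#` lines are rendered, so it and the `$configDir` definition could be deleted rather than kept as leftover EAP-era code. The env list and the `secretKeyRef` bodies continue in collapsed parts of the file, so hostname, HTTP and health settings that `kc.sh start` and the new `/auth/health/*` probes depend on may be set outside the visible hunks and should be confirmed there.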
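--- a/charts/keycloak/templates/route.yaml
+++ b/charts/keycloak/templates/route.yaml
@@ -24,3 +24,9 @@ spec:
 {{ else }}
 name: {{ include "sso-keycloak.fullname" . }}
 {{ end }}
+port:
+{{ if .Values.tls.enabled }}
+targetPort: https
+{{ else }}
+targetPort: http
+{{ end }}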
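Review bot: `targetPort: https` and `targetPort: http` are port names, so they only resolve if the Service (not among the files shown in this commit) declares ports with exactly those names; on a mismatch the Route will not reach the pod. With `.Values.tls.enabled` false the router-to-pod hop is plain HTTP while the deployment sets `KC_HOSTNAME_STRICT_HTTPS` to "true", which is only sound if the Route terminates TLS at the edge; the Route's `tls:` stanza is outside this hunk, so that should be confirmed. A template comment above `port:` would record both assumptions, e.g. `{{- /* targetPort must match a named Service port; "http" relies on edge TLS termination */ -}}`.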
11 changes: 6 additions & 5 deletions charts/keycloak/values.yaml
@@ -2,7 +2,7 @@ replicaCount: 1

image:
repository: ghcr.io/bcgov/sso
tag: 7.6.2-build.2
tag: 24.0.5-build.1
pullPolicy: Always

project: sso-keycloak
@@ -131,12 +131,13 @@ rbac:

patroni:
replicaCount: 3
# RH-SSO v7.5-9 is not tested with PostgreSQL 14

image:
repository: registry.opensource.zalan.do/acid/spilo-13
tag: 2.1-p1
repository: ghcr.io/zalando/spilo-15
tag: 3.2-p1
pullPolicy: Always

postgresMajorVersion: 13
postgresMajorVersion: 15

project: sso-keycloak
nameOverride: sso-patroni
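Review bot: Both images are referenced by mutable tag (`tag: 24.0.5-build.1`, `tag: 3.2-p1`) together with `pullPolicy: Always`, so the content that actually runs can change under an unchanged chart version if a tag is re-pushed. Pinning by digest closes that gap, for example `tag: 24.0.5-build.1@sha256:<digest>`, assuming the templates join repository and tag with a colon (they are not shown here). Separately, `postgresMajorVersion` appears to move from 13 to 15 along with the new Spilo image; an existing Patroni cluster's data directory would need a major-version upgrade path, so a comment such as `# existing PG13 clusters must be upgraded before switching to 15` next to the value would help operators.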
