Merge pull request #62 from bcgov/feat/helmchart
feat: publish helm charts
junminahn authored Dec 15, 2021
2 parents 597cd5f + 1257da5 commit dbec22b
Showing 20 changed files with 153 additions and 110 deletions.
1 change: 1 addition & 0 deletions .tool-versions
@@ -1,6 +1,7 @@
nodejs 14.14.0
python 3.8.6
kubectl 1.18.0
oc 4.7.5
helm 3.2.4
yarn 1.22.4
k6 0.34.1
2 changes: 1 addition & 1 deletion helm/keycloak/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v1
name: sso-keycloak
version: 0.1.6
version: 0.1.7
appVersion: 0.1.0
description: Open Source Identity and Access Management For Modern Applications and Services
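Review bot: The `version` change from `0.1.6` to `0.1.7` is a patch-level bump, but the same commit removes the `jgroupCluster.secret` and `jgroupCluster.passwordKey` values and hard-codes the Secret reference in `templates/deployment.yaml`, so a custom values file that still sets those keys is silently ignored after the upgrade. Consider a minor bump and a line in the README listing the removed keys.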
106 changes: 55 additions & 51 deletions helm/keycloak/README.md
@@ -1,70 +1,74 @@
# Keycloak Helm Chart
# SSO Keycloak Helm Chart

The helm chart installs `Secret` k8s objects with the release name `sso-keycloak`.
The `SSO Keycloak Helm Chart` provides a easy way to deploy (RedHat SSO)[https://access.redhat.com/products/red-hat-single-sign-on], which is specifically designed for BCGov SSO services, on Openshift.

## Installing the Chart
## Usages

To install the chart on a specific namespace.
### Add this chart repository

```bash
$ make install NAMESPACE=<namespace>
```console
$ helm repo add sso-keycloak https://bcgov.github.io/sso-keycloak
```

To upgrade the chart on a specific namespace.
### Install this chart repository

```bash
$ make upgrade NAMESPACE=<namespace>
```console
$ helm install <release-name> sso-keycloak/sso-keycloak [--namespace <my-namespace>] [--version <x.y.z>] [--values ./custom-values.yaml]
```

To uninstall the chart on a specific namespace.
### Upgrade this chart repository

```bash
$ make uninstall NAMESPACE=<namespace>
```console
$ helm upgrade <release-name> sso-keycloak/sso-keycloak [--namespace <my-namespace>] [--version <x.y.z>] [--values ./custom-values.yaml]
```

To lint the chart on a specific namespace.
### Uninstall this chart repository

```bash
$ make lint NAMESPACE=<namespace>
```console
$ helm uninstall <release-name> [--namespace <my-namespace>]
```

## Configuration

The following table lists the configurable parameters of the Keycloak chart and their default values.

Parameter | Description | Default
--- | --- | ---
`replicaCount` | Number of pods to create | `1`
`image.repository` | container image repository | `ghcr.io/bcgov/sso`
`image.tag` | container image tag | `dev`
`image.pullPolicy` | container image pull policy | `Always`
`nameOverride` | override for the chart name | `sso-keycloak`
`fullNameOverride` | override for the full chart name | `sso-keycloak`
`service.type` | type of service to create | `ClusterIP`
`service.port` | port of service | `8080`
`pingService.enabled` | enable DNS ping | `true`
`pingService.port` | exposed port of ping service | `8888`
`postgres.host` | host of postgres service | `sso-pgsql-master`
`postgres.dbName` | name of database | `rhsso`
`postgres.port` | exposed port of database | `5432`
`postgres.credentials.secret` | name of secret containing database credentials | `sso-pgsql`
`postgres.credentials.adminUsername` | name of admin database user | `postgres`
`postgres.credentials.passwordKey` | Secret key of admin password | `password-superuser`
`postgres.poolSize.min` | Minimum pool size | `5`
`postgres.poolSize.max` | Maximum pool size | `20`
`jgroupsCluster.secret` | Name of secret | `2`
`jgroupsCluster.passwordKey` | Secret key for password | `password`
`additionalServerOptions` | Additional command line options for server | `-Dkeycloak.profile.feature.authorization=enabled -Djboss.persistent.log.dir=/var/log/eap`
`tls.enabled` | Enable tls | `false`
`tls.httpsSecret` | Name of secret for tls cert | `sso-x509-https-secret`
`tls.jgroupsSecret` | Name of secret for jgroups | `sso-x509-jgroups-secret`
`persistentLog.enabled` | Enable persistent logs | `true`
`persistentLog.storageClassName` | Storage class name of volume | `netapp-file-standard`
`persistentLog.path` | Path to save logs | `/var/log/eap`
`resources.limits.memory` | memory limit for pods | `2Gi`
`resources.limits.cpu` | CPU limit for pods | `2`
`resources.requests.cpu` | cpu request for pods | `1250m`
`resources.requests.memory` | memory request for pods | `1Gi`
`nodeSelector` | node labels for pod assignment | `{}`
`tolerations` | toleration settings | `[]`
`affinity` | affinity settings | `{}`
| Parameter | Description | Default |
| ------------------------------------ | ---------------------------------------------- | ------------------------------------------------------------------------------------------ |
| `replicaCount` | Number of pods to create | `1` |
| `image.repository` | container image repository | `ghcr.io/bcgov/sso` |
| `image.tag` | container image tag | `dev` |
| `image.pullPolicy` | container image pull policy | `Always` |
| `nameOverride` | override for the chart name | `sso-keycloak` |
| `fullNameOverride` | override for the full chart name | `sso-keycloak` |
| `service.type` | type of service to create | `ClusterIP` |
| `service.port` | port of service | `8080` |
| `pingService.enabled` | enable DNS ping | `true` |
| `pingService.port` | exposed port of ping service | `8888` |
| `postgres.host` | host of postgres service | `sso-pgsql-master` |
| `postgres.dbName` | name of database | `rhsso` |
| `postgres.port` | exposed port of database | `5432` |
| `postgres.credentials.secret` | name of secret containing database credentials | `sso-pgsql` |
| `postgres.credentials.adminUsername` | name of admin database user | `postgres` |
| `postgres.credentials.passwordKey` | Secret key of admin password | `password-superuser` |
| `postgres.poolSize.min` | Minimum pool size | `5` |
| `postgres.poolSize.max` | Maximum pool size | `20` |
| `additionalServerOptions` | Additional command line options for server | `-Dkeycloak.profile.feature.authorization=enabled -Djboss.persistent.log.dir=/var/log/eap` |
| `tls.enabled` | Enable tls | `false` |
| `tls.httpsSecret` | Name of secret for tls cert | `sso-x509-https-secret` |
| `tls.jgroupsSecret` | Name of secret for jgroups | `sso-x509-jgroups-secret` |
| `persistentLog.enabled` | Enable persistent logs | `true` |
| `persistentLog.storageClassName` | Storage class name of volume | `netapp-file-standard` |
| `persistentLog.path` | Path to save logs | `/var/log/eap` |
| `resources.limits.memory` | memory limit for pods | `2Gi` |
| `resources.limits.cpu` | CPU limit for pods | `2` |
| `resources.requests.cpu` | cpu request for pods | `1250m` |
| `resources.requests.memory` | memory request for pods | `1Gi` |
| `nodeSelector` | node labels for pod assignment | `{}` |
| `tolerations` | toleration settings | `[]` |
| `affinity` | affinity settings | `{}` |

### Notes

- The helm chart installs two `Secret` k8s objects:
1. `<release-name>-admin-secret`: it stores the Keycloak admin password.
1. `<release-name>-jgroups`: it stores the Keycloak cluster jgroups password.
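Review bot: The new intro line writes the link as `(RedHat SSO)[https://access.redhat.com/products/red-hat-single-sign-on]`, which has the Markdown brackets and parentheses swapped and renders as literal text; it should be `[RedHat SSO](https://access.redhat.com/products/red-hat-single-sign-on)`, and "a easy way" should read "an easy way". In the Notes list at the end, indent the two `1.` items so they nest under the bullet, and since both Secrets are generated by the chart, say there how an operator reads the generated admin password and whether the Secrets survive `helm upgrade` and `helm uninstall`.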
4 changes: 2 additions & 2 deletions helm/keycloak/templates/deployment.yaml
Expand Up @@ -112,8 +112,8 @@ spec:
- name: JGROUPS_CLUSTER_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.jgroupCluster.secret }}
key: {{ .Values.jgroupCluster.passwordKey }}
name: {{ include "..fullname" . }}-jgroups
key: cluster-password
# Additional server startup options (extension of JAVA_OPTS)
- name: JAVA_OPTS_APPEND
value: {{ .Values.additionalServerOptions }}
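Review bot: `JGROUPS_CLUSTER_PASSWORD` now takes its `secretKeyRef` from the fixed name `{{ include "..fullname" . }}-jgroups` and the fixed key `cluster-password`, which leaves no way to point the deployment at a Secret managed outside the chart. Where the cluster password is provisioned by an external secret store, that is a regression from the `.Values.jgroupCluster.*` lookup; consider keeping an optional override in values that falls back to the generated name when unset. The old template read `jgroupCluster` while the README table documented `jgroupsCluster`, so if an override is kept, settle on one spelling.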
2 changes: 1 addition & 1 deletion helm/keycloak/templates/pvc-logs.yaml
@@ -1,4 +1,4 @@
{{- if .Values.pingService.enabled }}
{{- if .Values.persistentLog.enabled }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
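Review bot: Changing the guard on the first line from `.Values.pingService.enabled` to `.Values.persistentLog.enabled` corrects the condition but also changes which releases own this PersistentVolumeClaim: a release running with `pingService.enabled: true` and `persistentLog.enabled: false` had the claim rendered before and will have it removed from the manifest on the next upgrade. Call that out in the PR description, and check that whatever mounts this claim in the deployment template is gated on the same `persistentLog.enabled` flag so a pod never references a claim that was not rendered.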
16 changes: 16 additions & 0 deletions helm/keycloak/templates/secret.yaml
Expand Up @@ -13,3 +13,19 @@ metadata:
type: Opaque
data:
password-admin: {{ randAlphaNum 32 | b64enc | quote }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "..fullname" . }}-jgroups
labels:
app: {{ include "..fullname" . }}
chart: {{ include "..chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
"helm.sh/hook": "pre-install"
"helm.sh/hook-delete-policy": "before-hook-creation"
type: Opaque
data:
cluster-password: {{ randAlphaNum 32 | b64enc | quote }}
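Review bot: The new `-jgroups` Secret is annotated `"helm.sh/hook": "pre-install"`, so it is created only by `helm install`; a release already deployed from 0.1.6 that runs `helm upgrade` gets the updated deployment, whose `secretKeyRef` points at the `-jgroups` name, without the Secret ever being created. Hook resources are also not tracked as part of the release, so `helm uninstall` leaves this Secret behind. Either document that 0.1.7 needs a fresh install, or drop the hook and keep the value stable across upgrades by reusing an existing Secret's data through `lookup` before falling back to `randAlphaNum 32`, since `randAlphaNum` produces a new value on every render.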
3 changes: 0 additions & 3 deletions helm/keycloak/values-3d5c3f-dev.yaml
Expand Up @@ -14,9 +14,6 @@ postgres:
admin:
secret: sso-admin-dev

jgroupCluster:
secret: sso-jgroups-dev

tls:
enabled: true

3 changes: 0 additions & 3 deletions helm/keycloak/values-3d5c3f-prod.yaml
Expand Up @@ -14,9 +14,6 @@ postgres:
admin:
secret: sso-admin-prod

jgroupCluster:
secret: sso-jgroups-prod

tls:
enabled: true

3 changes: 0 additions & 3 deletions helm/keycloak/values-3d5c3f-test.yaml
Expand Up @@ -18,9 +18,6 @@ postgres:
adminUsername: postgres
passwordKey: password-superuser

jgroupCluster:
secret: sso-jgroups-test

tls:
enabled: true

3 changes: 0 additions & 3 deletions helm/keycloak/values-6d70e7-dev.yaml
Expand Up @@ -14,9 +14,6 @@ postgres:
admin:
secret: sso-admin-dev

jgroupCluster:
secret: sso-jgroups-dev

tls:
enabled: true

3 changes: 0 additions & 3 deletions helm/keycloak/values-6d70e7-prod.yaml
Expand Up @@ -14,9 +14,6 @@ postgres:
admin:
secret: sso-admin-prod

jgroupCluster:
secret: sso-jgroups-prod

tls:
enabled: true

3 changes: 0 additions & 3 deletions helm/keycloak/values-6d70e7-test.yaml
Expand Up @@ -14,9 +14,6 @@ postgres:
admin:
secret: sso-admin-test

jgroupCluster:
secret: sso-jgroups-test

tls:
enabled: true

24 changes: 24 additions & 0 deletions helm/keycloak/values-b861c7-test.yaml
@@ -0,0 +1,24 @@
replicaCount: 2

image:
tag: 7.4-37-rc.2

service:
type: ClusterIP
port: 8443

postgres:
host: sso-patroni
credentials:
secret: sso-patroni

tls:
enabled: true

resources:
limits:
cpu: 2
memory: 2Gi
requests:
cpu: 1250m
memory: 2Gi
4 changes: 0 additions & 4 deletions helm/keycloak/values.yaml
Expand Up @@ -32,10 +32,6 @@ postgres:
min: 5
max: 20

jgroupCluster:
secret: sso-jgroups
passwordKey: password

# see https://github.com/keycloak/keycloak-containers/blob/master/server/README.md#start-a-keycloak-instance-with-custom-command-line-options
additionalServerOptions: "-Dkeycloak.profile.feature.authorization=enabled -Djboss.persistent.log.dir=/var/log/eap"

2 changes: 1 addition & 1 deletion helm/patroni/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
name: patroni
description: "Highly available elephant herd: HA PostgreSQL cluster."
version: 0.16.7
version: 0.16.8
appVersion: 1.5-p5
home: https://github.com/zalando/patroni
sources:
39 changes: 20 additions & 19 deletions helm/patroni/README.md
Expand Up @@ -13,25 +13,35 @@ This chart will do the following:

- Implement a HA scalable PostgreSQL 10 cluster using a Kubernetes StatefulSet.

## Installing the Chart
## Usages

To add dependencies:
### Add this chart repository

```console
helm dependency build
$ helm repo add sso-keycloak https://bcgov.github.io/sso-keycloak
$ helm dependency update
```

To install the chart with the release name `patroni`:
### Install this chart repository

```console
$ helm install patroni . -n <namespace>
$ helm install <release-name> sso-keycloak/patroni [--namespace <my-namespace>] [--version <x.y.z>] [--values ./custom-values.yaml]

# To install the chart with randomly generated passwords:
$ helm install patroni . \
--set credentials.superuser="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.admin="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.standby="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)"
```

To install the chart with randomly generated passwords:
### Upgrade this chart repository

```console
$ helm install patroni . \
--set credentials.superuser="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.admin="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.standby="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)"
$ helm upgrade <release-name> sso-keycloak/patroni [--namespace <my-namespace>] [--version <x.y.z>] [--values ./custom-values.yaml]
```

### Uninstall this chart repository

```console
$ helm uninstall <release-name> [--namespace <my-namespace>]
```

## Configuration
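Review bot: Under "Install this chart repository" the retained random-password example still runs `helm install patroni .` against the local directory while the line above it installs `sso-keycloak/patroni`, and it passes three passwords through `--set`, which puts them in the helm process arguments and in the stored release values. With `credentials.random` added to the parameter table in this same file, either drop the example or replace it with a `--values` file. Also, `helm dependency update` under "Add this chart repository" acts on a local chart directory, not on the repository just added, so it belongs in a separate step for people working from a checkout.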
Expand All @@ -46,6 +56,7 @@ The following table lists the configurable parameters of the patroni chart and t
| `image.repository` | The image to pull | `registry.opensource.zalan.do/acid/spilo-10` |
| `image.tag` | The version of the image to pull | `1.5-p5` |
| `image.pullPolicy` | The pull policy | `IfNotPresent` |
| `credentials.random` | Using passwords created randomly | `true` |
| `credentials.superuser` | Password of the superuser | `tea` |
| `credentials.admin` | Password of the admin | `cola` |
| `credentials.standby` | Password of the replication user | `pinacolada` |
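Review bot: The new `credentials.random` row defaults to `true`, but the three rows below it still list `tea`, `cola` and `pinacolada` as defaults, and nothing says which setting wins when both are present. State the precedence in the description (for example, whether an explicit `credentials.superuser` is honoured when `credentials.random` is `true`) and whether the random values are regenerated on `helm upgrade`. "Using passwords created randomly" would also read better as "Generate random passwords".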
Expand Down Expand Up @@ -88,17 +99,9 @@ The following table lists the configurable parameters of the patroni chart and t

Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.

Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,

```console
$ helm install --name my-release -f values.yaml incubator/patroni
```

> **Tip**: You can use the default [values.yaml](values.yaml)
## Cleanup

To remove the spawned pods you can run a simple `helm delete <release-name>`.
To remove the spawned pods you can run a simple `helm uninstall <release-name> [--namespace <my-namespace>]`.

Helm will however preserve created persistent volume claims and configmaps,
to also remove them execute the commands below.
Expand All @@ -110,8 +113,6 @@ $ kubectl delete pvc -l release=$release
$ kubectl delete configmaps -l release=$release
```



## Internals

Patroni is responsible for electing a PostgreSQL master pod by leveraging the
4 changes: 2 additions & 2 deletions helm/patroni/requirements.lock
Expand Up @@ -8,5 +8,5 @@ dependencies:
- name: consul
repository: https://charts.helm.sh/stable
version: 3.6.1
digest: sha256:1d1ed086586703e7cdc528c6d44e5c03f68f3f4fddfc713e50898eff18dc5acf
generated: "2020-10-30T00:42:58.035153-04:00"
digest: sha256:f9ef1101460c219c9cef3c44b360d1c9d4b206f56eaa95fae98f95ca76a92781
generated: "2021-12-15T11:37:39.9090521-08:00"
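Review bot: `digest` and `generated` change here while the visible `consul` entry stays at `3.6.1` from `https://charts.helm.sh/stable`. Say in the PR description what changed in the chart's requirements to produce the new digest, so a reviewer can confirm that no dependency version or repository moved as a side effect of running `helm dependency update`.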
10 changes: 0 additions & 10 deletions helm/patroni/templates/ep-patroni.yaml

This file was deleted.
