havelight-ee
2023-02-06 15:01:53 +09:00
commit 2b70528618
1022 changed files with 119427 additions and 0 deletions


@@ -0,0 +1,61 @@
***********************************************************************
* *
* Keycloak Helm Chart by codecentric AG *
* *
***********************************************************************
{{- if .Values.ingress.enabled }}
Keycloak was installed with an Ingress and an be reached at the following URL(s):
{{ range $unused, $rule := .Values.ingress.rules }}
{{- range $rule.paths }}
- http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $rule.host }}{{ . }}
{{- end }}
{{- end }}
{{- else if eq "NodePort" .Values.service.type }}
Keycloak was installed with a Service of type NodePort.
{{ if .Values.service.httpNodePort }}
Get its HTTP URL with the following commands:
export NODE_PORT=$(kubectl get --namespace imxc service {{ include "keycloak.fullname" . }}-http --template='{{"{{ range .spec.ports }}{{ if eq .name \"http\" }}{{ .nodePort }}{{ end }}{{ end }}"}}')
export NODE_IP=$(kubectl get nodes --namespace imxc -o jsonpath="{.items[0].status.addresses[0].address}")
echo "http://$NODE_IP:$NODE_PORT"
{{- end }}
{{ if .Values.service.httpsNodePort }}
Get its HTTPS URL with the following commands:
export NODE_PORT=$(kubectl get --namespace imxc service {{ include "keycloak.fullname" . }}-http --template='{{"{{ range .spec.ports }}{{ if eq .name \"https\" }}{{ .nodePort }}{{ end }}{{ end }}"}}')
export NODE_IP=$(kubectl get nodes --namespace imxc -o jsonpath="{.items[0].status.addresses[0].address}")
echo "http://$NODE_IP:$NODE_PORT"
{{- end }}
{{- else if eq "LoadBalancer" .Values.service.type }}
Keycloak was installed with a Service of type LoadBalancer
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace imxc service -w {{ include "keycloak.fullname" . }}'
Get its HTTP URL with the following commands:
export SERVICE_IP=$(kubectl get service --namespace imxc {{ include "keycloak.fullname" . }}-http --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo "http://$SERVICE_IP:{{ .Values.service.httpPort }}"
Get its HTTPS URL with the following commands:
export SERVICE_IP=$(kubectl get service --namespace imxc {{ include "keycloak.fullname" . }}-http --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo "http://$SERVICE_IP:{{ .Values.service.httpsPort }}"
{{- else if eq "ClusterIP" .Values.service.type }}
Keycloak was installed with a Service of type ClusterIP
Create a port-forwarding with the following commands:
export POD_NAME=$(kubectl get pods --namespace imxc -l "app.kubernetes.io/name={{ include "keycloak.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o name)
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace imxc port-forward "$POD_NAME" 8080
{{- end }}
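Review bot: The HTTPS instructions print a cleartext URL. In the NodePort and LoadBalancer branches the line that follows "Get its HTTPS URL" is `echo "http://$NODE_IP:$NODE_PORT"` and `echo "http://$SERVICE_IP:{{ .Values.service.httpsPort }}"`, so an operator who follows them is sent to `http://` on the TLS port; both should read `https://`. The NodePort HTTPS branch also reuses `NODE_PORT`, which overwrites the HTTP value when both node ports are set, so a separate name such as `NODE_PORT_HTTPS` would be clearer.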


@@ -0,0 +1,87 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "keycloak.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate to 20 characters because this is used to set the node identifier in WildFly which is limited to
23 characters. This allows for a replica suffix for up to 99 replicas.
*/}}
{{- define "keycloak.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 20 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 20 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 20 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "keycloak.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "keycloak.labels" -}}
helm.sh/chart: {{ include "keycloak.chart" . }}
{{ include "keycloak.selectorLabels" . }}
app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "keycloak.selectorLabels" -}}
app.kubernetes.io/name: {{ include "keycloak.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "keycloak.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "keycloak.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Create a default fully qualified app name for the postgres requirement.
*/}}
{{- define "keycloak.postgresql.fullname" -}}
{{- $postgresContext := dict "Values" .Values.postgresql "Release" .Release "Chart" (dict "Name" "postgresql") -}}
{{ include "postgresql.fullname" $postgresContext }}
{{- end }}
{{/*
Create the service DNS name.
*/}}
{{- define "keycloak.serviceDnsName" -}}
{{ include "keycloak.fullname" . }}-headless.imxc.svc.{{ .Values.clusterDomain }}
{{- end }}
{{/*
Return the appropriate apiVersion for ingress.
*/}}
{{- define "keycloak.ingressAPIVersion" -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}}
{{- print "networking.k8s.io/v1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- end -}}
{{- end -}}
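Review bot: `keycloak.serviceDnsName` hard-codes the namespace as `imxc`, so the rendered DNS name is wrong whenever the release is installed into any other namespace, while the RoleBinding template in this commit already uses `.Release.Namespace`. Suggest `{{ include "keycloak.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}`. The same literal appears in the kubectl commands of the NOTES template (`--namespace imxc`) and should follow the release namespace too.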


@@ -0,0 +1,14 @@
{{- if .Values.startupScripts }}
{{- $highAvailability := gt (int .Values.replicas) 1 -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "keycloak.fullname" . }}-startup
labels:
{{- include "keycloak.labels" . | nindent 4 }}
data:
{{- range $key, $value := .Values.startupScripts }}
{{ $key }}: |
{{- tpl $value $ | nindent 4 }}
{{- end }}
{{- end -}}


@@ -0,0 +1,22 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "keycloak.fullname" . }}
labels:
{{- include "keycloak.labels" . | nindent 4 }}
{{- range $key, $value := .Values.autoscaling.labels }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: StatefulSet
name: {{ include "keycloak.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- toYaml .Values.autoscaling.metrics | nindent 4 }}
behavior:
{{- toYaml .Values.autoscaling.behavior | nindent 4 }}
{{- end }}
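Review bot: `apiVersion: autoscaling/v2beta2` is fixed here, whereas the Ingress template selects its version through `keycloak.ingressAPIVersion`; autoscaling/v2beta2 is no longer served from Kubernetes 1.26, so enabling autoscaling makes the install fail on current clusters. A capability check in the same style, for example `.Capabilities.APIVersions.Has "autoscaling/v2"`, would keep both old and new clusters working. The PodDisruptionBudget section has the same problem with `policy/v1beta1`, which is not served from 1.25. Separately, `behavior:` is emitted even when `.Values.autoscaling.behavior` is unset; wrapping it in `{{- with .Values.autoscaling.behavior }}` avoids a null field.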


@@ -0,0 +1,104 @@
{{- $ingress := .Values.ingress -}}
{{- if $ingress.enabled -}}
apiVersion: {{ include "keycloak.ingressAPIVersion" . }}
kind: Ingress
metadata:
name: {{ include "keycloak.fullname" . }}
{{- with $ingress.annotations }}
annotations:
{{- range $key, $value := . }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
{{- end }}
{{- end }}
labels:
{{- include "keycloak.labels" . | nindent 4 }}
{{- range $key, $value := $ingress.labels }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
{{- end }}
spec:
{{- if $ingress.tls }}
tls:
{{- range $ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- with .secretName }}
secretName: {{ tpl . $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.rules }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ . }}
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
pathType: Prefix
backend:
service:
name: {{ include "keycloak.fullname" $ }}-http
port:
name: {{ $ingress.servicePort }}
{{- else }}
backend:
serviceName: {{ include "keycloak.fullname" $ }}-http
servicePort: {{ $ingress.servicePort }}
{{- end }}
{{- end }}
{{- end }}
{{- if $ingress.console.enabled }}
---
apiVersion: {{ include "keycloak.ingressAPIVersion" . }}
kind: Ingress
metadata:
name: {{ include "keycloak.fullname" . }}-console
{{- with $ingress.console.annotations }}
annotations:
{{- range $key, $value := . }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
{{- end }}
{{- end }}
labels:
{{- include "keycloak.labels" . | nindent 4 }}
{{- range $key, $value := $ingress.labels }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
{{- end }}
spec:
{{- if $ingress.tls }}
tls:
{{- range $ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- with .secretName }}
secretName: {{ tpl . $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.console.rules }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ . }}
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
pathType: Prefix
backend:
service:
name: {{ include "keycloak.fullname" $ }}-http
port:
name: {{ $ingress.servicePort }}
{{- else }}
backend:
serviceName: {{ include "keycloak.fullname" $ }}-http
servicePort: {{ $ingress.servicePort }}
{{- end }}
{{- end }}
{{- end }}
{{- end -}}
{{- end -}}
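Review bot: In the `networking.k8s.io/v1` branch the backend is rendered as `port:` / `name: {{ $ingress.servicePort }}`, which is valid only when `servicePort` is a port name such as `http`; a numeric value belongs under `number:` and would be rejected as written. `path: {{ . }}` and `secretName: {{ tpl . $ }}` are also emitted unquoted while the hosts are quoted, so piping them through `quote` would keep unusual values from breaking the YAML. The same lines recur in the `-console` Ingress later in this section, which suggests moving the shared `tls` and backend rendering into a named template so the two documents cannot drift apart.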


@@ -0,0 +1,46 @@
{{- if .Values.networkPolicy.enabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ include "keycloak.fullname" . | quote }}
labels:
{{- include "keycloak.labels" . | nindent 4 }}
{{- range $key, $value := .Values.networkPolicy.labels }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
{{- end }}
spec:
policyTypes:
- Ingress
podSelector:
matchLabels:
{{- include "keycloak.selectorLabels" . | nindent 6 }}
ingress:
{{- with .Values.networkPolicy.extraFrom }}
- from:
{{- toYaml . | nindent 8 }}
ports:
- protocol: TCP
port: {{ $.Values.service.httpPort }}
- protocol: TCP
port: {{ $.Values.service.httpsPort }}
{{ range $.Values.extraPorts }}
- protocol: {{ default "TCP" .protocol }}
port: {{ .containerPort }}
{{- end }}
{{- end }}
- from:
- podSelector:
matchLabels:
{{- include "keycloak.selectorLabels" . | nindent 14 }}
ports:
- protocol: TCP
port: {{ .Values.service.httpPort }}
- protocol: TCP
port: {{ .Values.service.httpsPort }}
- protocol: TCP
port: {{ .Values.service.httpManagementPort }}
{{ range .Values.extraPorts }}
- protocol: {{ default "TCP" .protocol }}
port: {{ .containerPort }}
{{- end }}
{{- end }}


@@ -0,0 +1,13 @@
{{- if .Values.podDisruptionBudget -}}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ include "keycloak.fullname" . }}
labels:
{{- include "keycloak.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "keycloak.selectorLabels" . | nindent 6 }}
{{- toYaml .Values.podDisruptionBudget | nindent 2 }}
{{- end -}}


@@ -0,0 +1,24 @@
{{- with .Values.prometheusRule -}}
{{- if .enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ include "keycloak.fullname" $ }}
{{- with .annotations }}
annotations:
{{- range $key, $value := . }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
{{- end }}
{{- end }}
labels:
{{- include "keycloak.labels" $ | nindent 4 }}
{{- range $key, $value := .labels }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
{{- end }}
spec:
groups:
- name: {{ include "keycloak.fullname" $ }}
rules:
{{- toYaml .rules | nindent 8 }}
{{- end }}
{{- end -}}


@@ -0,0 +1,25 @@
{{- if and .Values.rbac.create .Values.rbac.rules }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "keycloak.fullname" . }}
labels:
{{- include "keycloak.labels" . | nindent 4 }}
rules:
{{- toYaml .Values.rbac.rules | nindent 2 }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "keycloak.fullname" . }}
labels:
{{- include "keycloak.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "keycloak.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "keycloak.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}


@@ -0,0 +1,34 @@
{{- $route := .Values.route -}}
{{- if $route.enabled -}}
apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: {{ include "keycloak.fullname" . }}
{{- with $route.annotations }}
annotations:
{{- range $key, $value := . }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
{{- end }}
{{- end }}
labels:
{{- include "keycloak.labels" . | nindent 4 }}
{{- range $key, $value := $route.labels }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
{{- end }}
spec:
{{- if $route.host }}
host: {{ tpl $route.host $ | quote }}
{{- end }}
path: {{ $route.path }}
port:
targetPort: http
to:
kind: Service
name: {{ include "keycloak.fullname" $ }}-http
weight: 100
{{- if $route.tls.enabled }}
tls:
insecureEdgeTerminationPolicy: {{ $route.tls.insecureEdgeTerminationPolicy }}
termination: {{ $route.tls.termination }}
{{- end }}
{{- end -}}


@@ -0,0 +1,29 @@
{{- range $nameSuffix, $values := .Values.secrets -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "keycloak.fullname" $ }}-{{ $nameSuffix }}
{{- with $values.annotations }}
annotations:
{{- range $key, $value := . }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
{{- end }}
{{- end }}
labels:
{{- include "keycloak.labels" $ | nindent 4 }}
{{- range $key, $value := $values.labels }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
{{- end }}
type: {{ default "Opaque" $values.type }}
{{- with $values.data }}
data:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with $values.stringData }}
stringData:
{{- range $key, $value := . }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 2 }}
{{- end }}
{{- end }}
---
{{- end -}}


@@ -0,0 +1,18 @@
{{- $highAvailability := gt (int .Values.replicas) 1 -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "keycloak.fullname" . }}-headless
labels:
{{- include "keycloak.labels" . | nindent 4 }}
app.kubernetes.io/component: headless
spec:
type: ClusterIP
clusterIP: None
ports:
- name: http
port: {{ .Values.service.httpPort }}
targetPort: http
protocol: TCP
selector:
{{- include "keycloak.selectorLabels" . | nindent 4 }}


@@ -0,0 +1,59 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "keycloak.fullname" . }}-http
{{- with .Values.service.annotations }}
annotations:
{{- range $key, $value := . }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
{{- end }}
{{- end }}
labels:
{{- include "keycloak.labels" . | nindent 4 }}
{{- range $key, $value := .Values.service.labels }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
{{- end }}
app.kubernetes.io/component: http
spec:
type: {{ .Values.service.type }}
{{- if and (eq "LoadBalancer" .Values.service.type) .Values.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if and (eq "LoadBalancer" .Values.service.type) .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- if .Values.service.sessionAffinity }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
{{- with .Values.service.sessionAffinityConfig }}
sessionAffinityConfig:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
ports:
- name: http
port: {{ .Values.service.httpPort }}
targetPort: http
{{- if and (or (eq "NodePort" .Values.service.type) (eq "LoadBalancer" .Values.service.type) ) .Values.service.httpNodePort }}
nodePort: {{ .Values.service.httpNodePort }}
{{- end }}
protocol: TCP
- name: https
port: {{ .Values.service.httpsPort }}
targetPort: https
{{- if and (or (eq "NodePort" .Values.service.type) (eq "LoadBalancer" .Values.service.type) ) .Values.service.httpsNodePort }}
nodePort: {{ .Values.service.httpsNodePort }}
{{- end }}
protocol: TCP
- name: http-management
port: {{ .Values.service.httpManagementPort }}
targetPort: http-management
{{- if and (eq "NodePort" .Values.service.type) .Values.service.httpManagementNodePort }}
nodePort: {{ .Values.service.httpManagementNodePort }}
{{- end }}
protocol: TCP
{{- with .Values.service.extraPorts }}
{{- toYaml . | nindent 4 }}
{{- end }}
selector:
{{- include "keycloak.selectorLabels" . | nindent 4 }}
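Review bot: The `http-management` port is published unconditionally on the `-http` Service, and with `service.type` NodePort it can additionally receive a `nodePort` through `httpManagementNodePort`, so the management interface (container port 9990 in the StatefulSet) is reachable on whatever network this Service is exposed to, including a LoadBalancer address. If the port is presumably needed only for in-cluster metrics scraping, consider gating it behind a value or moving it to a separate ClusterIP Service. A comment next to `loadBalancerSourceRanges` stating that it is the intended restriction for externally exposed installs would also help.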


@@ -0,0 +1,19 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "keycloak.serviceAccountName" . }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- range $key, $value := . }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
{{- end }}
{{- end }}
labels:
{{- include "keycloak.labels" . | nindent 4 }}
{{- range $key, $value := .Values.serviceAccount.labels }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
{{- end }}
imagePullSecrets:
{{- toYaml .Values.serviceAccount.imagePullSecrets | nindent 4 }}
{{- end }}


@@ -0,0 +1,39 @@
{{- range $key, $serviceMonitor := dict "wildfly" .Values.serviceMonitor "extra" .Values.extraServiceMonitor }}
{{- with $serviceMonitor }}
{{- if .enabled }}
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "keycloak.fullname" $ }}-{{ $key }}
{{- with .namespace }}
namespace: {{ . }}
{{- end }}
{{- with .annotations }}
annotations:
{{- range $key, $value := . }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
{{- end }}
{{- end }}
labels:
{{- include "keycloak.labels" $ | nindent 4 }}
{{- range $key, $value := .labels }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
{{- end }}
spec:
{{- with .namespaceSelector }}
namespaceSelector:
{{- toYaml . | nindent 4 }}
{{- end }}
selector:
matchLabels:
{{- include "keycloak.selectorLabels" $ | nindent 6 }}
app.kubernetes.io/component: http
endpoints:
- port: {{ .port }}
path: {{ .path }}
interval: {{ .interval }}
scrapeTimeout: {{ .scrapeTimeout }}
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,208 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "keycloak.fullname" . }}
{{- with .Values.statefulsetAnnotations }}
annotations:
{{- range $key, $value := . }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
{{- end }}
{{- end }}
labels:
{{- include "keycloak.labels" . | nindent 4 }}
{{- range $key, $value := .Values.statefulsetLabels }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "keycloak.selectorLabels" . | nindent 6 }}
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicas }}
{{- end }}
serviceName: {{ include "keycloak.fullname" . }}-headless
podManagementPolicy: {{ .Values.podManagementPolicy }}
updateStrategy:
type: RollingUpdate
template:
metadata:
annotations:
checksum/config-startup: {{ include (print .Template.BasePath "/configmap-startup.yaml") . | sha256sum }}
checksum/secrets: {{ tpl (toYaml .Values.secrets) . | sha256sum }}
{{- range $key, $value := .Values.podAnnotations }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 8 }}
{{- end }}
labels:
{{- include "keycloak.selectorLabels" . | nindent 8 }}
{{- if and .Values.postgresql.enabled (and .Values.postgresql.networkPolicy .Values.postgresql.networkPolicy.enabled) }}
{{ include "keycloak.postgresql.fullname" . }}-client: "true"
{{- end }}
{{- range $key, $value := .Values.podLabels }}
{{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 8 }}
{{- end }}
spec:
{{- if or .Values.postgresql.enabled .Values.extraInitContainers }}
initContainers:
{{- if .Values.postgresql.enabled }}
- name: pgchecker
image: "{{ .Values.pgchecker.image.repository }}:{{ .Values.pgchecker.image.tag }}"
imagePullPolicy: {{ .Values.pgchecker.image.pullPolicy }}
securityContext:
{{- toYaml .Values.pgchecker.securityContext | nindent 12 }}
command:
- sh
- -c
- |
echo 'Waiting for PostgreSQL to become ready...'
until printf "." && nc -z -w 2 {{ include "keycloak.postgresql.fullname" . }} {{ .Values.postgresql.service.port }}; do
sleep 2;
done;
echo 'PostgreSQL OK ✓'
volumeMounts:
- mountPath: /opt/jboss/keycloak/themes/cloudmoa/
name: themes-upper-directory
resources:
{{- toYaml .Values.pgchecker.resources | nindent 12 }}
{{- end }}
{{- with .Values.extraInitContainers }}
{{- tpl . $ | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: keycloak
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
{{- toYaml .Values.command | nindent 12 }}
args:
{{- toYaml .Values.args | nindent 12 }}
{{- with .Values.lifecycleHooks }}
{{- tpl . $ | nindent 12 }}
{{- end }}
env:
- name: KEYCLOAK_USER
value: "admin"
#valueFrom:
# secretKeyRef:
# name: keycloak-secret
# key: KEYCLOAK_MASTER_USERNAME
- name: KEYCLOAK_PASSWORD
value: "admin"
#valueFrom:
# secretKeyRef:
# name: keycloak-secret
# key: KEYCLOAK_MASTER_PASSWORD
{{- if .Values.postgresql.enabled }}
- name: DB_VENDOR
value: postgres
- name: DB_ADDR
value: {{ include "keycloak.postgresql.fullname" . }}
- name: DB_PORT
value: {{ .Values.postgresql.service.port | quote }}
- name: DB_DATABASE
value: {{ .Values.postgresql.postgresqlDatabase | quote }}
- name: DB_USER
value: {{ .Values.postgresql.postgresqlUsername | quote }}
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "keycloak.postgresql.fullname" . }}
key: postgresql-password
{{- end }}
{{- with .Values.extraEnv }}
{{- tpl . $ | nindent 12 }}
{{- end }}
envFrom:
{{- with .Values.extraEnvFrom }}
{{- tpl . $ | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: 8080
protocol: TCP
- name: https
containerPort: 8443
protocol: TCP
- name: http-management
containerPort: 9990
protocol: TCP
{{- with .Values.extraPorts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.livenessProbe }}
livenessProbe:
{{- tpl . $ | nindent 12 }}
{{- end }}
{{- with .Values.readinessProbe }}
readinessProbe:
{{- tpl . $ | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- mountPath: /opt/jboss/keycloak/themes/cloudmoa/
name: themes-upper-directory
{{- range $key, $value := .Values.startupScripts }}
- name: startup
mountPath: "/opt/jboss/startup-scripts/{{ $key }}"
subPath: "{{ $key }}"
readOnly: true
{{- end }}
{{- with .Values.extraVolumeMounts }}
{{- tpl . $ | nindent 12 }}
{{- end }}
{{- with .Values.extraContainers }}
{{- tpl . $ | nindent 8 }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "keycloak.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- with .Values.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
enableServiceLinks: {{ .Values.enableServiceLinks }}
restartPolicy: {{ .Values.restartPolicy }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- tpl . $ | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
volumes:
- name: themes-upper-directory
hostPath:
path: /root/oci/infra-set/keycloak/keycloak_theme/
type: DirectoryOrCreate
{{- with .Values.startupScripts }}
- name: startup
configMap:
name: {{ include "keycloak.fullname" $ }}-startup
defaultMode: 0555
items:
{{- range $key, $value := . }}
- key: {{ $key }}
path: {{ $key }}
{{- end }}
{{- end }}
{{- with .Values.extraVolumes }}
{{- tpl . $ | nindent 8 }}
{{- end }}
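Review bot: The admin account is created with literal credentials: in the `keycloak` container's `env`, `KEYCLOAK_USER` and `KEYCLOAK_PASSWORD` are both `value: "admin"` and the `secretKeyRef` lookups are left commented out, so every install comes up with a guessable administrator login that is also readable in the pod spec. Restoring the Secret references, shown below with the names taken from the commented lines, removes the literal; the Secret itself should be supplied per environment rather than defaulted. A second concern is the `themes-upper-directory` volume, a `hostPath` under `/root/oci/infra-set/keycloak/keycloak_theme/` with `DirectoryOrCreate` that is mounted without `readOnly` into both `pgchecker` and `keycloak`. That ties pods to node-local state and gives the containers write access to a host directory; a ConfigMap, a PVC or a theme baked into the image, mounted `readOnly: true`, would be narrower.

```yaml
          # … unchanged: securityContext, image, command, args, lifecycleHooks …
          env:
            - name: KEYCLOAK_USER
              valueFrom:
                secretKeyRef:
                  name: keycloak-secret
                  key: KEYCLOAK_MASTER_USERNAME
            - name: KEYCLOAK_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-secret
                  key: KEYCLOAK_MASTER_PASSWORD
          # … unchanged: postgresql env entries, extraEnv, envFrom …
```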


@@ -0,0 +1,50 @@
{{- if .Values.test.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "keycloak.fullname" . }}-test
labels:
{{- include "keycloak.labels" . | nindent 4 }}
annotations:
helm.sh/hook: test
helm.sh/hook-delete-policy: hook-succeeded
data:
test.py: |
import os
from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions
from urllib.parse import urlparse
print('Creating PhantomJS driver...')
driver = webdriver.PhantomJS(service_log_path='/tmp/ghostdriver.log')
base_url = 'http://{{ include "keycloak.fullname" . }}-http{{ if ne 80 (int .Values.service.httpPort) }}:{{ .Values.service.httpPort }}{{ end }}'
print('Opening Keycloak...')
driver.get('{0}/auth/admin/'.format(base_url))
username = os.environ['KEYCLOAK_USER']
password = os.environ['KEYCLOAK_PASSWORD']
username_input = WebDriverWait(driver, 30).until(expected_conditions.presence_of_element_located((By.ID, "username")))
password_input = WebDriverWait(driver, 30).until(expected_conditions.presence_of_element_located((By.ID, "password")))
login_button = WebDriverWait(driver, 30).until(expected_conditions.presence_of_element_located((By.ID, "kc-login")))
print('Entering username...')
username_input.send_keys(username)
print('Entering password...')
password_input.send_keys(password)
print('Clicking login button...')
login_button.click()
WebDriverWait(driver, 30).until(lambda driver: '/auth/admin/master/console/' in driver.current_url)
print('Admin console visible. Login successful.')
driver.quit()
{{- end }}


@@ -0,0 +1,43 @@
{{- if .Values.test.enabled }}
apiVersion: v1
kind: Pod
metadata:
name: {{ include "keycloak.fullname" . }}-test
labels:
{{- include "keycloak.labels" . | nindent 4 }}
app.kubernetes.io/component: test
annotations:
helm.sh/hook: test
spec:
securityContext:
{{- toYaml .Values.test.podSecurityContext | nindent 4 }}
containers:
- name: keycloak-test
image: "{{ .Values.test.image.repository }}:{{ .Values.test.image.tag }}"
imagePullPolicy: {{ .Values.test.image.pullPolicy }}
securityContext:
{{- toYaml .Values.test.securityContext | nindent 8 }}
command:
- python3
args:
- /tests/test.py
env:
- name: KEYCLOAK_USER
valueFrom:
secretKeyRef:
name: {{ include "keycloak.fullname" . }}-admin-creds
key: user
- name: KEYCLOAK_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "keycloak.fullname" . }}-admin-creds
key: password
volumeMounts:
- name: tests
mountPath: /tests
volumes:
- name: tests
configMap:
name: {{ include "keycloak.fullname" . }}-test
restartPolicy: Never
{{- end }}
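Review bot: The test pod reads `KEYCLOAK_USER` and `KEYCLOAK_PASSWORD` from a Secret named `{{ include "keycloak.fullname" . }}-admin-creds` (keys `user` and `password`), but the templates in this commit create that Secret only if `.Values.secrets` happens to contain an `admin-creds` entry, and the StatefulSet sets the admin credentials as literals instead. As written the pod will likely fail to start with a missing-Secret error when `test.enabled` is true; the StatefulSet and the test should read the same Secret. The pod also lacks the `helm.sh/hook-delete-policy: hook-succeeded` annotation that the test ConfigMap carries, so it is left behind after a successful run.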