Merge branch 'telekom:main' into add-security-context

telekom · Feb 12, 2025 · 23c3d5b · 23c3d5b
2 parents 3ca59c1 + 979d4ae
commit 23c3d5b
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 10 deletions.
diff --git a/templates/_keycloak.tpl b/templates/_keycloak.tpl
@@ -131,6 +131,13 @@ checksum/{{ . }}: {{ include (print $.Template.BasePath "/" . ) $ | sha256sum }}
 {{- end -}}
 {{ end -}}
 
+{{- define "keycloak.ingress.annotations" }}
+{{- $globalAnnotations := dict "annotations" .Values.global.ingress.annotations | deepCopy -}}
+{{- $localAnnotations := dict "annotations" .Values.ingress.annotations -}}
+{{- $mergedAnnotations := mergeOverwrite $globalAnnotations $localAnnotations }}
+{{- $mergedAnnotations | toYaml -}}
+{{ end -}}
+
 {{- define "keycloak.ingress.tlsSecret" -}}
 {{- if not (and (empty .Values.ingress.tlsSecret) (empty .Values.global.ingress.tlsSecret)) -}}
 secretName: {{ .Values.ingress.tlsSecret | default .Values.global.ingress.tlsSecret -}}

diff --git a/templates/ingress.yml b/templates/ingress.yml
@@ -6,6 +6,7 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
+  {{- include "keycloak.ingress.annotations" $ | nindent 2 }}
   name: {{ .Release.Name }}
   labels: {{ include "keycloak.labels" $ | nindent 4 }}
 spec:
@@ -37,6 +38,7 @@ spec:
   - hosts:
     - {{ include "keycloak.host" . }}
 {{- if not (empty .Values.ingress.altHostname) }}
+    - {{ .Values.ingress.altHostname }}
     secretName: {{ .Release.Namespace }}-wildcard
 {{- end }}
 {{- include "keycloak.ingress.tlsSecret" . | nindent 4 -}}

diff --git a/templates/secret.yml b/templates/secret.yml
@@ -9,6 +9,6 @@ metadata:
   labels: {{ include "keycloak.labels" $ | nindent 4 }}
 type: Opaque
 stringData:
-  adminPassword: admin
-  databasePassword: pwd
+  adminPassword: {{ .Values.adminPassword }}
+  databasePassword: {{ .Values.global.database.password }}
   truststore.jks: {{ .Values.truststore | quote }}
diff --git a/values.yaml b/values.yaml
@@ -14,12 +14,12 @@ global:
     # fluentd label
   product: "iris_keycloak"
   ingress:
-    #tlsSecret: ""
-    #ingressClassName: ""
-    annotations:
-      {}
-      #external-dns.alpha.kubernetes.io/target: ""
-      #kubernetes.io/ingress.class: ""
+    # tlsSecret: ""
+    # ingressClassName: ""
+    annotations: {}
+      # external-dns.alpha.kubernetes.io/target: ""
+      # kubernetes.io/ingress.class: ""
+
 
   # If imagePullSecrets is not empty, a pull secret will be deployed for each entry otherwise
   # no pull secret will be deployed
@@ -180,9 +180,15 @@ ingress:
   #altHostname: ""
   # overwrite host used in KC_HOSTNAME
   #adminHostname: ""
-  #tlsSecret: ""
-  #ingressClassName: ""
+  # tlsSecret: ""
+  ingressClassName: "nginx"
   annotations: {}
+    # external-dns.alpha.kubernetes.io/target: ""
+    # kubernetes.io/ingress.class: ""
+
+    ## With multiple replicas it might be necessary to add below cookie options to the ingress.
+    # nginx.ingress.kubernetes.io/affinity: 'cookie'
+    # nginx.ingress.kubernetes.io/session-cookie-path: '/'
 
 prometheus:
   enabled: true