From 979d4aeb3fee8ba7fa565d703f9487bdc65d5001 Mon Sep 17 00:00:00 2001 From: Marcell Majer <43880232+majermarci@users.noreply.github.com> Date: Wed, 12 Feb 2025 15:14:10 +0100 Subject: [PATCH] General Updates to Helm templates (#5) * Use template instead of hardcoded secret values * Make pullSecret name generic without release name * Added annotations to ingress and removed duplicate values * Fixed missing altHostname in ingress tls * Reverted naming changes for pullsecrets * Reverted deletion of global ingress options * Updated KC admin pass in secret --- templates/_keycloak.tpl | 7 +++++++ templates/ingress.yml | 2 ++ templates/secret.yml | 4 ++-- values.yaml | 22 ++++++++++++++-------- 4 files changed, 25 insertions(+), 10 deletions(-) diff --git a/templates/_keycloak.tpl b/templates/_keycloak.tpl index d3ebdef..174408c 100644 --- a/templates/_keycloak.tpl +++ b/templates/_keycloak.tpl @@ -131,6 +131,13 @@ checksum/{{ . }}: {{ include (print $.Template.BasePath "/" . ) $ | sha256sum }} {{- end -}} {{ end -}} +{{- define "keycloak.ingress.annotations" }} +{{- $globalAnnotations := dict "annotations" .Values.global.ingress.annotations | deepCopy -}} +{{- $localAnnotations := dict "annotations" .Values.ingress.annotations -}} +{{- $mergedAnnotations := mergeOverwrite $globalAnnotations $localAnnotations }} +{{- $mergedAnnotations | toYaml -}} +{{ end -}} + {{- define "keycloak.ingress.tlsSecret" -}} {{- if not (and (empty .Values.ingress.tlsSecret) (empty .Values.global.ingress.tlsSecret)) -}} secretName: {{ .Values.ingress.tlsSecret | default .Values.global.ingress.tlsSecret -}} diff --git a/templates/ingress.yml b/templates/ingress.yml index bb24f9e..02e3c22 100644 --- a/templates/ingress.yml +++ b/templates/ingress.yml @@ -6,6 +6,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: + {{- include "keycloak.ingress.annotations" $ | nindent 2 }} name: {{ .Release.Name }} labels: {{ include "keycloak.labels" $ | nindent 4 }} spec: 
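Review bot: The new `keycloak.ingress.annotations` helper in templates/_keycloak.tpl has no comment saying which side wins the merge or why `deepCopy` is applied, and both matter to anyone setting annotations at the global and chart level. I would add above the define: `{{/* Ingress annotations: global.ingress.annotations overlaid by ingress.annotations; chart-level keys win. deepCopy keeps mergeOverwrite from mutating .Values.global. */}}`. The result is rendered verbatim into the Ingress metadata by the include in templates/ingress.yml, so every key in either map reaches the ingress controller unchanged. It would help to state that in the values.yaml comments as well.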
@@ -37,6 +38,7 @@ spec: - hosts: - {{ include "keycloak.host" . }} {{- if not (empty .Values.ingress.altHostname) }} + - {{ .Values.ingress.altHostname }} secretName: {{ .Release.Namespace }}-wildcard {{- end }} {{- include "keycloak.ingress.tlsSecret" . | nindent 4 -}} diff --git a/templates/secret.yml b/templates/secret.yml index f1a0589..c0645ae 100644 --- a/templates/secret.yml +++ b/templates/secret.yml @@ -9,6 +9,6 @@ metadata: labels: {{ include "keycloak.labels" $ | nindent 4 }} type: Opaque stringData: - adminPassword: admin - databasePassword: pwd + adminPassword: {{ .Values.adminPassword }} + databasePassword: {{ .Values.global.database.password }} truststore.jks: {{ .Values.truststore | quote }} diff --git a/values.yaml b/values.yaml index b546dac..634fcda 100644 --- a/values.yaml +++ b/values.yaml @@ -14,12 +14,12 @@ global: # fluentd label product: "iris_keycloak" ingress: - #tlsSecret: "" - #ingressClassName: "" - annotations: - {} - #external-dns.alpha.kubernetes.io/target: "" - #kubernetes.io/ingress.class: "" + # tlsSecret: "" + # ingressClassName: "" + annotations: {} + # external-dns.alpha.kubernetes.io/target: "" + # kubernetes.io/ingress.class: "" + # If imagePullSecrets is not empty, a pull secret will be deployed for each entry otherwise # no pull secret will be deployed @@ -177,9 +177,15 @@ ingress: #altHostname: "" # overwrite host used in KC_HOSTNAME #adminHostname: "" - #tlsSecret: "" - #ingressClassName: "" + # tlsSecret: "" + ingressClassName: "nginx" annotations: {} + # external-dns.alpha.kubernetes.io/target: "" + # kubernetes.io/ingress.class: "" + + ## With multiple replicas it might be necessary to add below cookie options to the ingress. + # nginx.ingress.kubernetes.io/affinity: 'cookie' + # nginx.ingress.kubernetes.io/session-cookie-path: '/' prometheus: enabled: true
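Review bot: The added TLS host entry in templates/ingress.yml (hunk `@@ -37,6 +38,7 @@`) renders `.Values.ingress.altHostname` unquoted, so a value that starts with `*` (plausible here, given the `-wildcard` secret name) is parsed as a YAML alias and the manifest fails to render. I would write it as `- {{ .Values.ingress.altHostname | quote }}`. Separately, the surrounding context emits `secretName: {{ .Release.Namespace }}-wildcard` inside the `if` and then includes `keycloak.ingress.tlsSecret`, which emits its own `secretName:`. Indentation is not recoverable in this view, but if both land in the same tls entry, setting altHostname together with a tlsSecret produces a duplicate key, and which certificate is served depends on the key the parser keeps. The tls block starts and ends outside the hunk.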
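Review bot: In templates/secret.yml both new `stringData` entries are rendered without `| quote`, unlike the `truststore.jks` line directly below. A password containing ` #` is silently truncated at the comment marker, one containing `: ` or a leading `{`/`*` breaks parsing, and an all-digit or `true`-like value is typed as a non-string. An unset value renders as an empty scalar, which leaves the secret without a usable credential, so I would fail the render instead: `adminPassword: {{ required "adminPassword must be set" .Values.adminPassword | quote }}` and `databasePassword: {{ required "global.database.password must be set" .Values.global.database.password | quote }}`. The hunk does not show whether values.yaml ships a default for either key; if it does, the hard-coded credential has only moved from the template into the chart defaults.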
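Review bot: The second values.yaml hunk (`@@ -177,9 +177,15 @@`) changes the chart-level `ingressClassName` from commented-out to a hard default of `"nginx"`, which the commit message does not mention. If the template resolves it the same way `keycloak.ingress.tlsSecret` does (chart-level value, falling back to `global.ingress`), a `global.ingress.ingressClassName` set by a parent chart is now never used unless the chart-level key is explicitly emptied. That cannot be confirmed from the lines shown. Since this decides which controller exposes the identity provider, I would keep the default unset as `# ingressClassName: ""` and add a comment such as `# set explicitly per cluster; falls back to global.ingress.ingressClassName`.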