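{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- /*
Renders the Keycloak StatefulSet: one `keycloak` container, an optional
default init container, optional user-supplied init containers and sidecars,
and the volumes for configuration, TLS and SPI material.

Names, labels, security contexts and secret names come from `common.*` and
`keycloak.*` helpers that are defined outside this file. Documentation is
written as template comments so that none of it reaches the rendered manifest.
*/}}

apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
  name: {{ template "common.names.fullname" . }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: keycloak
  {{- /* Annotations are emitted only when at least one of the two sources is set. */}}
  {{- if or .Values.statefulsetAnnotations .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.merge" ( dict "values" ( list .Values.statefulsetAnnotations .Values.commonAnnotations ) "context" $ ) | nindent 4 }}
  {{- end }}
spec:
  {{- /* `replicas` is left out when autoscaling is enabled (presumably so an autoscaler owns the count). */}}
  {{- if not .Values.autoscaling.enabled }}
  replicas: {{ .Values.replicaCount }}
  {{- end }}
  revisionHistoryLimit: {{ .Values.revisionHistoryLimitCount }}
  podManagementPolicy: {{ .Values.podManagementPolicy }}
  serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
  updateStrategy:
    {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }}
  {{- /*
  $podLabels = podLabels merged with commonLabels. It feeds the selector, the
  pod labels and the affinity presets below.
  NOTE(review): a StatefulSet selector cannot be changed after creation, so
  changing podLabels or commonLabels on an installed release is likely to make
  the upgrade fail; confirm against the label helpers.
  */}}
  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
  selector:
    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
      app.kubernetes.io/component: keycloak
  template:
    metadata:
      {{- /*
      Checksums of the rendered ConfigMap and Secret templates: the pod
      template changes whenever one of those templates renders differently,
      so the pods are rolled on a configuration change.
      NOTE(review): checksum/secrets is a SHA-256 over the rendered
      secrets.yaml and is readable by anyone who may read pod metadata. With a
      low-entropy password that digest may allow offline guessing. Setting
      auth.existingSecret skips this annotation; confirm what secrets.yaml
      renders before relying on that.
      */}}
      annotations:
        checksum/configmap-env-vars: {{ include (print $.Template.BasePath "/configmap-env-vars.yaml") . | sha256sum }}
        {{- if not .Values.auth.existingSecret }}
        checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
        {{- end }}
        {{- if (include "keycloak.createConfigmap" .) }}
        checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        {{- end }}
        {{- if .Values.podAnnotations }}
        {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
        {{- end }}
      labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
        app.kubernetes.io/component: keycloak
    spec:
      serviceAccountName: {{ template "keycloak.serviceAccountName" . }}
      {{- include "keycloak.imagePullSecrets" . | nindent 6 }}
      {{- /*
      NOTE(review): the service account token mount is driven by values only.
      Keep it disabled unless the pod has to talk to the Kubernetes API;
      confirm the default in values.yaml.
      */}}
      automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
      {{- if .Values.hostAliases }}
      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
      {{- end }}
      {{- /* An explicit `affinity` value replaces the three presets entirely. */}}
      {{- if .Values.affinity }}
      affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
      {{- else }}
      affinity:
        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }}
        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }}
        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
      {{- end }}
      {{- if .Values.nodeSelector }}
      nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.tolerations }}
      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
      {{- end }}
      {{- if .Values.topologySpreadConstraints }}
      topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }}
      {{- end }}
      {{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName | quote }}
      {{- end }}
      {{- if .Values.schedulerName }}
      schedulerName: {{ .Values.schedulerName }}
      {{- end }}
      {{- /* With podSecurityContext.enabled false no pod-level security context is rendered at all. */}}
      {{- if .Values.podSecurityContext.enabled }}
      securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.dnsPolicy }}
      dnsPolicy: {{ .Values.dnsPolicy }}
      {{- end }}
      {{- if .Values.dnsConfig }}
      dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.dnsConfig "context" .) | nindent 8 }}
      {{- end }}
      {{- if semverCompare ">= 1.13" (include "common.capabilities.kubeVersion" .) }}
      enableServiceLinks: {{ .Values.enableServiceLinks }}
      {{- end }}
      {{- if .Values.terminationGracePeriodSeconds }}
      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
      {{- end }}
      {{- /*
      `initContainers` is rendered when the default init container or
      user-supplied init containers are requested. The user-supplied list used
      to sit inside the enableDefaultInitContainers guard, so it was silently
      dropped whenever the default init container was switched off.

      The default init container copies the image's Quarkus library directory
      into the `app-quarkus-dir` subPath of the shared emptyDir; the keycloak
      container mounts that same subPath over /opt/bitnami/keycloak/lib/quarkus.
      NOTE(review): with enableDefaultInitContainers false nothing in this file
      fills that subPath; confirm the image copes or supply an equivalent
      init container.
      */}}
      {{- if or .Values.enableDefaultInitContainers .Values.initContainers }}
      initContainers:
        {{- if .Values.enableDefaultInitContainers }}
        - name: init-quarkus-directory
          image: {{ template "keycloak.image" . }}
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          command:
            - /bin/bash
          args:
            - -ec
            - |
              #!/bin/bash
              cp -r /opt/bitnami/keycloak/lib/quarkus/* /quarkus
          {{- if .Values.containerSecurityContext.enabled }}
          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.resources }}
          resources: {{- toYaml .Values.resources | nindent 12 }}
          {{- else if ne .Values.resourcesPreset "none" }}
          resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
          {{- end }}
          volumeMounts:
            - name: empty-dir
              mountPath: /tmp
              subPath: tmp-dir
            - name: empty-dir
              mountPath: /quarkus
              subPath: app-quarkus-dir
        {{- end }}
        {{- /*
        User-supplied init containers are rendered as given; the
        containerSecurityContext above is not applied to them here.
        */}}
        {{- if .Values.initContainers }}
        {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
        {{- end }}
      {{- end }}
      containers:
        - name: keycloak
          image: {{ template "keycloak.image" . }}
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          {{- if .Values.lifecycleHooks }}
          lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.containerSecurityContext.enabled }}
          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
          {{- end }}
          {{- /* Diagnostic mode takes precedence over `command` and `args`, and disables all probes further down. */}}
          {{- if .Values.diagnosticMode.enabled }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
          {{- else if .Values.command }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.diagnosticMode.enabled }}
          args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
          {{- else if .Values.args }}
          args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
          {{- end }}
          {{- /*
          Passwords reach the container through secretKeyRef, never as literal
          values in this manifest. The database host, port, user and name are
          taken from the database secret only when the matching
          externalDatabase.existingSecret*Key value is set.
          */}}
          env:
            - name: KUBERNETES_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
            - name: BITNAMI_DEBUG
              value: {{ ternary "true" "false" .Values.image.debug | quote }}
            - name: KEYCLOAK_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "keycloak.secretName" . }}
                  key: {{ include "keycloak.secretKey" . }}
            - name: KEYCLOAK_DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "keycloak.databaseSecretName" . }}
                  key: {{ include "keycloak.databaseSecretPasswordKey" . }}
            {{- if .Values.externalDatabase.existingSecretHostKey }}
            - name: KEYCLOAK_DATABASE_HOST
              valueFrom:
                secretKeyRef:
                  name: {{ include "keycloak.databaseSecretName" . }}
                  key: {{ include "keycloak.databaseSecretHostKey" . }}
            {{- end }}
            {{- if .Values.externalDatabase.existingSecretPortKey }}
            - name: KEYCLOAK_DATABASE_PORT
              valueFrom:
                secretKeyRef:
                  name: {{ include "keycloak.databaseSecretName" . }}
                  key: {{ include "keycloak.databaseSecretPortKey" . }}
            {{- end }}
            {{- if .Values.externalDatabase.existingSecretUserKey }}
            - name: KEYCLOAK_DATABASE_USER
              valueFrom:
                secretKeyRef:
                  name: {{ include "keycloak.databaseSecretName" . }}
                  key: {{ include "keycloak.databaseSecretUserKey" . }}
            {{- end }}
            {{- if .Values.externalDatabase.existingSecretDatabaseKey }}
            - name: KEYCLOAK_DATABASE_NAME
              valueFrom:
                secretKeyRef:
                  name: {{ include "keycloak.databaseSecretName" . }}
                  key: {{ include "keycloak.databaseSecretDatabaseKey" . }}
            {{- end }}
            {{- if and .Values.tls.enabled (or .Values.tls.keystorePassword .Values.tls.passwordsSecret) }}
            - name: KEYCLOAK_HTTPS_KEY_STORE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "keycloak.tlsPasswordsSecretName" . }}
                  key: "tls-keystore-password"
            {{- end }}
            {{- if and .Values.tls.enabled (or .Values.tls.truststorePassword .Values.tls.passwordsSecret) }}
            - name: KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "keycloak.tlsPasswordsSecretName" . }}
                  key: "tls-truststore-password"
            {{- end }}
            {{- if and .Values.spi.existingSecret (or .Values.spi.truststorePassword .Values.spi.passwordsSecret) }}
            - name: KEYCLOAK_SPI_TRUSTSTORE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "keycloak.spiPasswordsSecretName" . }}
                  key: "spi-truststore-password"
            {{- end }}
            - name: KEYCLOAK_HTTP_RELATIVE_PATH
              value: {{ .Values.httpRelativePath | quote }}
            {{- if .Values.extraStartupArgs }}
            - name: KEYCLOAK_EXTRA_ARGS
              value: {{ .Values.extraStartupArgs | quote }}
            {{- end }}
            {{- /*
            Quoted like the other literal env values above, so the rendered
            value is always a YAML string even when the hostname renders empty
            or looks like a number or boolean.
            */}}
            {{- if .Values.adminIngress.enabled }}
            - name: KC_HOSTNAME_ADMIN
              value: {{ include "common.tplvalues.render" (dict "value" .Values.adminIngress.hostname "context" $) | quote }}
            {{- end }}
            {{- /*
            NOTE(review): extraEnvVars, like the other values passed through
            common.tplvalues.render, presumably has its strings evaluated as
            templates; treat values files as code and confirm in the common
            chart. Secrets belong in extraEnvVarsSecret, not in extraEnvVars.
            */}}
            {{- if .Values.extraEnvVars }}
            {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
            {{- end }}
          envFrom:
            - configMapRef:
                name: {{ printf "%s-env-vars" (include "common.names.fullname" .) }}
            {{- if .Values.extraEnvVarsCM }}
            - configMapRef:
                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
            {{- end }}
            {{- if .Values.extraEnvVarsSecret }}
            - secretRef:
                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
            {{- end }}
          {{- /* Explicit `resources` wins over the preset; a preset of "none" renders no resources block. */}}
          {{- if .Values.resources }}
          resources: {{- toYaml .Values.resources | nindent 12 }}
          {{- else if ne .Values.resourcesPreset "none" }}
          resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
          {{- end }}
          ports:
            - name: http
              containerPort: {{ .Values.containerPorts.http }}
              protocol: TCP
            {{- if .Values.tls.enabled }}
            - name: https
              containerPort: {{ .Values.containerPorts.https }}
              protocol: TCP
            {{- end }}
            - name: infinispan
              containerPort: {{ .Values.containerPorts.infinispan }}
              protocol: TCP
            {{- if .Values.extraContainerPorts }}
            {{- include "common.tplvalues.render" (dict "value" .Values.extraContainerPorts "context" $) | nindent 12 }}
            {{- end }}
          {{- /*
          A custom probe replaces the default one. The default probes always
          target the plain `http` port, also when tls.enabled is set, so the
          HTTP listener has to stay reachable inside the pod.
          The readiness path is httpRelativePath immediately followed by
          `realms/master`, so httpRelativePath is expected to end with a slash.
          */}}
          {{- if not .Values.diagnosticMode.enabled }}
          {{- if .Values.customStartupProbe }}
          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
          {{- else if .Values.startupProbe.enabled }}
          startupProbe: {{- omit .Values.startupProbe "enabled" | toYaml | nindent 12 }}
            httpGet:
              path: {{ .Values.httpRelativePath }}
              port: http
          {{- end }}
          {{- if .Values.customLivenessProbe }}
          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
          {{- else if .Values.livenessProbe.enabled }}
          livenessProbe: {{- omit .Values.livenessProbe "enabled" | toYaml | nindent 12 }}
            httpGet:
              path: {{ .Values.httpRelativePath }}
              port: http
          {{- end }}
          {{- if .Values.customReadinessProbe }}
          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
          {{- else if .Values.readinessProbe.enabled }}
          readinessProbe: {{- omit .Values.readinessProbe "enabled" | toYaml | nindent 12 }}
            httpGet:
              path: {{ .Values.httpRelativePath }}realms/master
              port: http
          {{- end }}
          {{- end }}
          {{- /*
          Every writable path of the container is a subPath of the single
          `empty-dir` volume. Certificate and SPI secret mounts are read-only.
          */}}
          volumeMounts:
            - name: empty-dir
              mountPath: /tmp
              subPath: tmp-dir
            - name: empty-dir
              mountPath: /opt/bitnami/keycloak/conf
              subPath: app-conf-dir
            - name: empty-dir
              mountPath: /opt/bitnami/keycloak/lib/quarkus
              subPath: app-quarkus-dir
            - name: empty-dir
              mountPath: /opt/bitnami/keycloak/data
              subPath: app-data-dir
            {{- if or .Values.configuration .Values.existingConfigmap }}
            - name: keycloak-config
              mountPath: /bitnami/keycloak/conf/keycloak.conf
              subPath: keycloak.conf
            {{- end }}
            {{- if .Values.tls.enabled }}
            - name: certificates
              mountPath: /opt/bitnami/keycloak/certs
              readOnly: true
            {{- end }}
            {{- if .Values.spi.existingSecret }}
            - name: spi-certificates
              mountPath: /opt/bitnami/keycloak/spi-certs
              readOnly: true
            {{- end }}
            {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
            - name: custom-init-scripts
              mountPath: /docker-entrypoint-initdb.d
            {{- end }}
            {{- if .Values.extraVolumeMounts }}
            {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
            {{- end }}
        {{- /* Sidecars are rendered as given; the containerSecurityContext above is not applied to them here. */}}
        {{- if .Values.sidecars }}
        {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
        {{- end }}
      volumes:
        - name: empty-dir
          emptyDir: {}
        {{- if or .Values.configuration .Values.existingConfigmap }}
        - name: keycloak-config
          configMap:
            name: {{ include "keycloak.configmapName" . }}
        {{- end }}
        {{- /*
        defaultMode 420 is decimal for octal 0644.
        NOTE(review): that leaves the TLS and SPI secret files readable by
        every user inside the pod. A tighter mode is worth considering, but
        only after confirming which UID and fsGroup the container runs with,
        otherwise Keycloak may be unable to read its own keystore.
        */}}
        {{- if .Values.tls.enabled }}
        - name: certificates
          secret:
            secretName: {{ include "keycloak.tlsSecretName" . }}
            defaultMode: 420
        {{- end }}
        {{- if .Values.spi.existingSecret }}
        - name: spi-certificates
          secret:
            secretName: {{ .Values.spi.existingSecret }}
            defaultMode: 420
        {{- end }}
        {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
        - name: custom-init-scripts
          configMap:
            name: {{ include "keycloak.initdbScriptsCM" . }}
        {{- end }}
        {{- if .Values.extraVolumes }}
        {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
        {{- end }}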