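{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}

{{- /*
StatefulSet for the Keycloak server.
Optional stanzas are rendered only when the corresponding value is set. Templated
scalars that must remain strings are passed through `quote` so an empty,
boolean-looking or specially-prefixed value cannot change the YAML type of the
rendered field.
*/}}
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
  name: {{ template "common.names.fullname" . }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" . | nindent 4 }}
    app.kubernetes.io/component: keycloak
    {{- if .Values.commonLabels }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
    {{- end }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
spec:
  {{- /* With autoscaling enabled the HPA owns the replica count, so it is not rendered here. */}}
  {{- if not .Values.autoscaling.enabled }}
  replicas: {{ .Values.replicaCount }}
  {{- end }}
  podManagementPolicy: {{ .Values.podManagementPolicy | quote }}
  serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
  updateStrategy:
    {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }}
  selector:
    matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
      app.kubernetes.io/component: keycloak
  template:
    metadata:
      annotations:
        {{- /*
        Digests of the rendered ConfigMap/Secret manifests force a pod rollout when they
        change. They are ordinary pod annotations, readable by anyone who can read the pod,
        so treat them purely as a rollout trigger and not as confidential data. The Secret
        digest is skipped when auth.existingSecret is used because that Secret is not
        rendered by this chart.
        */}}
        checksum/configmap-env-vars: {{ include (print $.Template.BasePath "/configmap-env-vars.yaml") . | sha256sum }}
        {{- if not .Values.auth.existingSecret }}
        checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
        {{- end }}
        {{- if (include "keycloak.createConfigmap" .) }}
        checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        {{- end }}
        {{- if .Values.podAnnotations }}
        {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
        {{- end }}
      labels: {{- include "common.labels.standard" . | nindent 8 }}
        app.kubernetes.io/component: keycloak
        {{- if .Values.podLabels }}
        {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
        {{- end }}
    spec:
      {{- /*
      NOTE(review): automountServiceAccountToken is not set on the pod spec, so the pod
      inherits the ServiceAccount/cluster default — confirm the workload actually needs
      an API token before relying on that default.
      */}}
      serviceAccountName: {{ template "keycloak.serviceAccountName" . }}
      {{- include "keycloak.imagePullSecrets" . | nindent 6 }}
      {{- if .Values.hostAliases }}
      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
      {{- end }}
      {{- /* An explicit affinity value replaces the preset-based affinities entirely. */}}
      {{- if .Values.affinity }}
      affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
      {{- else }}
      affinity:
        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
      {{- end }}
      {{- if .Values.nodeSelector }}
      nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.tolerations }}
      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
      {{- end }}
      {{- if .Values.topologySpreadConstraints }}
      topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }}
      {{- end }}
      {{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName | quote }}
      {{- end }}
      {{- if .Values.schedulerName }}
      schedulerName: {{ .Values.schedulerName | quote }}
      {{- end }}
      {{- /*
      The pod-level securityContext is emitted only when podSecurityContext.enabled is
      true; the "enabled" switch itself is dropped because it is not a Kubernetes field.
      With it disabled the pod carries no securityContext at all.
      */}}
      {{- if .Values.podSecurityContext.enabled }}
      securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
      {{- end }}
      {{- if .Values.dnsPolicy }}
      dnsPolicy: {{ .Values.dnsPolicy | quote }}
      {{- end }}
      {{- if .Values.dnsConfig }}
      dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.dnsConfig "context" .) | nindent 8 }}
      {{- end }}
      {{- if semverCompare ">= 1.13" (include "common.capabilities.kubeVersion" .) }}
      enableServiceLinks: {{ .Values.enableServiceLinks }}
      {{- end }}
      {{- /* A value of 0 is falsy in Go templates and therefore falls back to the cluster default. */}}
      {{- if .Values.terminationGracePeriodSeconds }}
      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
      {{- end }}
      initContainers:
        {{- if .Values.initContainers }}
        {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
        {{- end }}
      containers:
        - name: keycloak
          image: {{ template "keycloak.image" . }}
          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
          {{- if .Values.lifecycleHooks }}
          lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
          {{- end }}
          {{- /* Same enabled-switch convention as the pod-level securityContext above. */}}
          {{- if .Values.containerSecurityContext.enabled }}
          securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          {{- /* diagnosticMode overrides both command and args, and disables the probes further down. */}}
          {{- if .Values.diagnosticMode.enabled }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
          {{- else if .Values.command }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.diagnosticMode.enabled }}
          args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
          {{- else if .Values.args }}
          args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
          {{- end }}
          env:
            - name: KUBERNETES_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
            {{- /* Rendered as the string "true"/"false" so the env value is never a YAML boolean. */}}
            - name: BITNAMI_DEBUG
              value: {{ ternary "true" "false" .Values.image.debug | quote }}
            {{- /*
            Credentials are always injected via secretKeyRef rather than inline values, so
            they never appear in the rendered manifest or in `kubectl describe` output.
            */}}
            - name: KEYCLOAK_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "keycloak.secretName" . }}
                  key: {{ include "keycloak.secretKey" . }}
            - name: KEYCLOAK_DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "keycloak.databaseSecretName" . }}
                  key: {{ include "keycloak.databaseSecretPasswordKey" . }}
            {{- if .Values.externalDatabase.existingSecretHostKey }}
            - name: KEYCLOAK_DATABASE_HOST
              valueFrom:
                secretKeyRef:
                  name: {{ include "keycloak.databaseSecretName" . }}
                  key: {{ include "keycloak.databaseSecretHostKey" . }}
            {{- end }}
            {{- if .Values.externalDatabase.existingSecretPortKey }}
            - name: KEYCLOAK_DATABASE_PORT
              valueFrom:
                secretKeyRef:
                  name: {{ include "keycloak.databaseSecretName" . }}
                  key: {{ include "keycloak.databaseSecretPortKey" . }}
            {{- end }}
            {{- if .Values.externalDatabase.existingSecretUserKey }}
            - name: KEYCLOAK_DATABASE_USER
              valueFrom:
                secretKeyRef:
                  name: {{ include "keycloak.databaseSecretName" . }}
                  key: {{ include "keycloak.databaseSecretUserKey" . }}
            {{- end }}
            {{- if .Values.externalDatabase.existingSecretDatabaseKey }}
            - name: KEYCLOAK_DATABASE_NAME
              valueFrom:
                secretKeyRef:
                  name: {{ include "keycloak.databaseSecretName" . }}
                  key: {{ include "keycloak.databaseSecretDatabaseKey" . }}
            {{- end }}
            {{- if and .Values.tls.enabled (or .Values.tls.keystorePassword .Values.tls.passwordsSecret) }}
            - name: KEYCLOAK_HTTPS_KEY_STORE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "keycloak.tlsPasswordsSecretName" . }}
                  key: "tls-keystore-password"
            {{- end }}
            {{- if and .Values.tls.enabled (or .Values.tls.truststorePassword .Values.tls.passwordsSecret) }}
            - name: KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "keycloak.tlsPasswordsSecretName" . }}
                  key: "tls-truststore-password"
            {{- end }}
            {{- if and .Values.spi.existingSecret (or .Values.spi.truststorePassword .Values.spi.passwordsSecret) }}
            - name: KEYCLOAK_SPI_TRUSTSTORE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "keycloak.spiPasswordsSecretName" . }}
                  key: "spi-truststore-password"
            {{- end }}
            - name: KEYCLOAK_HTTP_RELATIVE_PATH
              value: {{ .Values.httpRelativePath | quote }}
            {{- if .Values.extraStartupArgs }}
            - name: KEYCLOAK_EXTRA_ARGS
              value: {{ .Values.extraStartupArgs | quote }}
            {{- end }}
            {{- if .Values.extraEnvVars }}
            {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
            {{- end }}
          envFrom:
            - configMapRef:
                name: {{ printf "%s-env-vars" (include "common.names.fullname" .) }}
            {{- if .Values.extraEnvVarsCM }}
            - configMapRef:
                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
            {{- end }}
            {{- if .Values.extraEnvVarsSecret }}
            - secretRef:
                name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
            {{- end }}
          {{- if .Values.resources }}
          resources: {{- toYaml .Values.resources | nindent 12 }}
          {{- end }}
          ports:
            - name: http
              containerPort: {{ .Values.containerPorts.http }}
              protocol: TCP
            {{- if .Values.tls.enabled }}
            - name: https
              containerPort: {{ .Values.containerPorts.https }}
              protocol: TCP
            {{- end }}
            - name: infinispan
              containerPort: {{ .Values.containerPorts.infinispan }}
              protocol: TCP
            {{- if .Values.extraContainerPorts }}
            {{- include "common.tplvalues.render" (dict "value" .Values.extraContainerPorts "context" $) | nindent 12 }}
            {{- end }}
          {{- /*
          Probes are skipped entirely in diagnostic mode. For each probe a custom
          definition wins over the built-in httpGet probe; the built-in one is rendered
          from the probe values with the "enabled" switch removed.
          */}}
          {{- if not .Values.diagnosticMode.enabled }}
          {{- if .Values.customStartupProbe }}
          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
          {{- else if .Values.startupProbe.enabled }}
          startupProbe: {{- omit .Values.startupProbe "enabled" | toYaml | nindent 12 }}
            httpGet:
              path: {{ .Values.httpRelativePath | quote }}
              port: http
          {{- end }}
          {{- if .Values.customLivenessProbe }}
          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
          {{- else if .Values.livenessProbe.enabled }}
          livenessProbe: {{- omit .Values.livenessProbe "enabled" | toYaml | nindent 12 }}
            httpGet:
              path: {{ .Values.httpRelativePath | quote }}
              port: http
          {{- end }}
          {{- if .Values.customReadinessProbe }}
          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
          {{- else if .Values.readinessProbe.enabled }}
          readinessProbe: {{- omit .Values.readinessProbe "enabled" | toYaml | nindent 12 }}
            httpGet:
              {{- /* NOTE(review): the realm path is appended verbatim, so httpRelativePath must end with "/" — confirm when overriding it. */}}
              path: {{ printf "%srealms/master" .Values.httpRelativePath | quote }}
              port: http
          {{- end }}
          {{- end }}
          volumeMounts:
            {{- if or .Values.configuration .Values.existingConfigmap }}
            - name: keycloak-config
              mountPath: /bitnami/keycloak/conf/keycloak.conf
              subPath: keycloak.conf
            {{- end }}
            {{- /* Key material is mounted read-only; the files themselves come from Secrets declared under volumes. */}}
            {{- if .Values.tls.enabled }}
            - name: certificates
              mountPath: /opt/bitnami/keycloak/certs
              readOnly: true
            {{- end }}
            {{- if .Values.spi.existingSecret }}
            - name: spi-certificates
              mountPath: /opt/bitnami/keycloak/spi-certs
              readOnly: true
            {{- end }}
            {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
            - name: custom-init-scripts
              mountPath: /docker-entrypoint-initdb.d
            {{- end }}
            {{- if .Values.extraVolumeMounts }}
            {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
            {{- end }}
        {{- if .Values.sidecars }}
        {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
        {{- end }}
      volumes:
        {{- if or .Values.configuration .Values.existingConfigmap }}
        - name: keycloak-config
          configMap:
            name: {{ include "keycloak.configmapName" . }}
        {{- end }}
        {{- /*
        defaultMode 420 is decimal for 0644. Tightening it must be done together with
        the pod's runAsUser/fsGroup so the Keycloak process can still read the files.
        */}}
        {{- if .Values.tls.enabled }}
        - name: certificates
          secret:
            secretName: {{ include "keycloak.tlsSecretName" . }}
            defaultMode: 420
        {{- end }}
        {{- if .Values.spi.existingSecret }}
        - name: spi-certificates
          secret:
            secretName: {{ .Values.spi.existingSecret }}
            defaultMode: 420
        {{- end }}
        {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
        - name: custom-init-scripts
          configMap:
            name: {{ include "keycloak.initdbScriptsCM" . }}
        {{- end }}
        {{- if .Values.extraVolumes }}
        {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
        {{- end }}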
298 {{- end }}