[bitnami/keycloak] Fix Kubernetes discovery, add httpRelativePath to make migration easier (#10910)

* [bitnami/keycloak] Fix Kubernetes discovery, add httpRelativePath to make migration easier

Signed-off-by: Benoit Pourre <benoit.pourre@gmail.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
Co-authored-by: Alejandro Moreno <amorenoc@vmware.com>
Benoît Pourre
2022-07-06 12:14:50 +02:00
committed by GitHub
parent be2ae83f60
commit 27fb870c53
5 changed files with 48 additions and 41 deletions

@@ -26,4 +26,4 @@ name: keycloak
sources:
- https://github.com/bitnami/bitnami-docker-keycloak
- https://github.com/keycloak/keycloak
version: 9.3.7
version: 9.4.0

@@ -80,42 +80,43 @@ The command removes all the Kubernetes components associated with the chart and
### Keycloak parameters
| Name | Description | Value |
| -------------------------------- | --------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | Keycloak image registry | `docker.io` |
| `image.repository` | Keycloak image repository | `bitnami/keycloak` |
| `image.tag` | Keycloak image tag (immutable tags are recommended) | `18.0.2-debian-11-r3` |
| `image.pullPolicy` | Keycloak image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Specify if debug logs should be enabled | `false` |
| `auth.adminUser` | Keycloak administrator user | `user` |
| `auth.adminPassword` | Keycloak administrator password for the new user | `""` |
| `auth.managementUser` | Wildfly management user | `manager` |
| `auth.managementPassword` | Wildfly management password | `""` |
| `auth.existingSecret` | An already existing secret containing auth info | `""` |
| `auth.existingSecretPerPassword` | Override `existingSecret` and other secret values | `{}` |
| `auth.tls.enabled` | Enable TLS encryption | `false` |
| `auth.tls.autoGenerated` | Generate automatically self-signed TLS certificates. Currently only supports PEM certificates | `false` |
| `auth.tls.existingSecret` | Existing secret containing the TLS certificates per Keycloak replica | `""` |
| `auth.tls.usePem` | Use PEM certificates as input instead of PKS12/JKS stores | `false` |
| `auth.tls.truststoreFilename` | Truststore specific filename inside the existing secret | `""` |
| `auth.tls.keystoreFilename` | Keystore specific filename inside the existing secret | `""` |
| `auth.tls.jksSecret` | DEPRECATED. Use `auth.tls.existingSecret` instead | `""` |
| `auth.tls.keystorePassword` | Password to access the keystore when it's password-protected | `""` |
| `auth.tls.truststorePassword` | Password to access the truststore when it's password-protected | `""` |
| `auth.tls.resources.limits` | The resources limits for the TLS init container | `{}` |
| `auth.tls.resources.requests` | The requested resources for the TLS init container | `{}` |
| `proxy` | reverse Proxy mode edge, reencrypt, passthrough or none | `passthrough` |
| `configuration` | Keycloak Configuration. Auto-generated based on other parameters when not specified | `""` |
| `existingConfigmap` | Name of existing ConfigMap with Keycloak configuration | `""` |
| `extraStartupArgs` | Extra default startup args | `""` |
| `initdbScripts` | Dictionary of initdb scripts | `{}` |
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `extraEnvVars` | Extra environment variables to be set on Keycloak container | `[]` |
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` |
| Name | Description | Value |
| -------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | Keycloak image registry | `docker.io` |
| `image.repository` | Keycloak image repository | `bitnami/keycloak` |
| `image.tag` | Keycloak image tag (immutable tags are recommended) | `18.0.2-debian-11-r3` |
| `image.pullPolicy` | Keycloak image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Specify if debug logs should be enabled | `false` |
| `auth.adminUser` | Keycloak administrator user | `user` |
| `auth.adminPassword` | Keycloak administrator password for the new user | `""` |
| `auth.managementUser` | Wildfly management user | `manager` |
| `auth.managementPassword` | Wildfly management password | `""` |
| `auth.existingSecret` | An already existing secret containing auth info | `""` |
| `auth.existingSecretPerPassword` | Override `existingSecret` and other secret values | `{}` |
| `auth.tls.enabled` | Enable TLS encryption | `false` |
| `auth.tls.autoGenerated` | Generate automatically self-signed TLS certificates. Currently only supports PEM certificates | `false` |
| `auth.tls.existingSecret` | Existing secret containing the TLS certificates per Keycloak replica | `""` |
| `auth.tls.usePem` | Use PEM certificates as input instead of PKS12/JKS stores | `false` |
| `auth.tls.truststoreFilename` | Truststore specific filename inside the existing secret | `""` |
| `auth.tls.keystoreFilename` | Keystore specific filename inside the existing secret | `""` |
| `auth.tls.jksSecret` | DEPRECATED. Use `auth.tls.existingSecret` instead | `""` |
| `auth.tls.keystorePassword` | Password to access the keystore when it's password-protected | `""` |
| `auth.tls.truststorePassword` | Password to access the truststore when it's password-protected | `""` |
| `auth.tls.resources.limits` | The resources limits for the TLS init container | `{}` |
| `auth.tls.resources.requests` | The requested resources for the TLS init container | `{}` |
| `proxy` | reverse Proxy mode edge, reencrypt, passthrough or none | `passthrough` |
| `httpRelativePath` | Set the path relative to '/' for serving resources. Useful if you are migrating from older version which were using '/auth/' | `/` |
| `configuration` | Keycloak Configuration. Auto-generated based on other parameters when not specified | `""` |
| `existingConfigmap` | Name of existing ConfigMap with Keycloak configuration | `""` |
| `extraStartupArgs` | Extra default startup args | `""` |
| `initdbScripts` | Dictionary of initdb scripts | `{}` |
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `extraEnvVars` | Extra environment variables to be set on Keycloak container | `[]` |
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` |
### Keycloak statefulset parameters

@@ -30,7 +30,7 @@ data:
{{- if .Values.cache.enabled }}
KEYCLOAK_CACHE_TYPE: "ispn"
KEYCLOAK_CACHE_STACK: "kubernetes"
JAVA_OPTS_APPEND: {{ printf "-Djgroups.dns.query=%s-headless.%s" (include "keycloak.fullname" .) .Release.Namespace }}
JAVA_OPTS_APPEND: {{ printf "-Djgroups.dns.query=%s-headless.%s.svc.%s" (include "keycloak.fullname" .) .Release.Namespace .Values.clusterDomain }}
{{- else }}
KEYCLOAK_CACHE_TYPE: "local"
{{- end }}
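Review bot: The new `JAVA_OPTS_APPEND` line depends on `.Values.clusterDomain`, but the values.yaml and README hunks shown in this commit only introduce `httpRelativePath`. Please confirm `clusterDomain` is already defined in values.yaml with a default; if it is unset, the rendered `-Djgroups.dns.query` name will be malformed and the cache members will not discover each other. The printf result is also emitted unquoted while the neighbouring values are quoted literals, so piping it through `quote` would keep the ConfigMap entries consistent.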

@@ -266,6 +266,8 @@ spec:
{{- end }}
{{- end }}
{{- end }}
- name: KEYCLOAK_HTTP_RELATIVE_PATH
value: {{ .Values.httpRelativePath | quote }}
{{- if .Values.extraStartupArgs }}
- name: KEYCLOAK_EXTRA_ARGS
value: {{ .Values.extraStartupArgs | quote }}
@@ -305,7 +307,7 @@ spec:
{{- if .Values.startupProbe.enabled }}
startupProbe: {{- omit .Values.startupProbe "enabled" | toYaml | nindent 12 }}
httpGet:
path: /
path: {{ .Values.httpRelativePath }}
port: http
{{- else if .Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
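Review bot: On the changed `path:` line of the startupProbe, `{{ .Values.httpRelativePath }}` is rendered without `quote`, whereas the `KEYCLOAK_HTTP_RELATIVE_PATH` env var added earlier in this file uses `| quote`. Quoting the probe path the same way (here and in the livenessProbe) would keep an unusual value from being parsed as something other than a YAML string.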
@@ -313,7 +315,7 @@ spec:
{{- if .Values.livenessProbe.enabled }}
livenessProbe: {{- omit .Values.livenessProbe "enabled" | toYaml | nindent 12 }}
httpGet:
path: /
path: {{ .Values.httpRelativePath }}
port: http
{{- else if .Values.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
@@ -321,7 +323,7 @@ spec:
{{- if .Values.readinessProbe.enabled }}
readinessProbe: {{- omit .Values.readinessProbe "enabled" | toYaml | nindent 12 }}
httpGet:
path: /realms/master
path: {{ .Values.httpRelativePath }}realms/master
port: http
{{- else if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
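Review bot: The readinessProbe path is built by plain concatenation, `{{ .Values.httpRelativePath }}realms/master`, so it is only correct when the value ends with `/`. With `httpRelativePath: /auth` the probe would request `/authrealms/master` and fail. Consider normalising the value in the template, for example trimming a trailing `/` and then appending `/realms/master`, or failing the render when the trailing slash is missing.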

@@ -202,6 +202,10 @@ auth:
## ref: https://www.keycloak.org/server/reverseproxy
##
proxy: passthrough
## @param httpRelativePath Set the path relative to '/' for serving resources. Useful if you are migrating from older version which were using '/auth/'
## ref: https://www.keycloak.org/migration/migrating-to-quarkus#_default_context_path_changed
##
httpRelativePath: "/"
## Keycloak Service Discovery settings
## ref: https://github.com/bitnami/bitnami-docker-keycloak#cluster-configuration
##
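Review bot: The `@param httpRelativePath` description should state the format the templates expect, a leading and a trailing `/` (the example `/auth/` has both), because the readinessProbe hunk above appends `realms/master` directly to the value. Since README.md is generated from this comment, the wording fix belongs here. It would also help to mention that the built-in startup, liveness and readiness probes follow this value, while `customStartupProbe`, `customLivenessProbe` and `customReadinessProbe` are rendered as given and need their paths updated by the user.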