mirror of
https://github.com/bitnami/charts.git
synced 2026-03-29 16:27:11 +08:00
d7ec0ea7bf
* add extraParams Signed-off-by: reyvonger <vladimir@pankin.org> * update chart version Signed-off-by: reyvonger <vladimir@pankin.org> * [bitnami/keycloak] Add externalDatabase.extraParams for custom JDBC connection parameters Signed-off-by: reyvonger <vladimir@pankin.org> * [bitnami/keycloak] Add externalDatabase.extraParams for custom JDBC connection parameters Signed-off-by: reyvonger <vladimir@pankin.org> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> * Bump minor version Signed-off-by: Miguel Ruiz <miguel.ruiz@broadcom.com> Signed-off-by: Miguel Ruiz <miguel.ruiz@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> --------- Signed-off-by: reyvonger <vladimir@pankin.org> Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> Signed-off-by: Carlos Rodríguez Hernández <carlos.rodriguez-hernandez@broadcom.com> Signed-off-by: Miguel Ruiz <miguel.ruiz@broadcom.com> Co-authored-by: Bitnami Bot <bitnami.bot@broadcom.com> Co-authored-by: Carlos Rodríguez Hernández <carlos.rodriguez-hernandez@broadcom.com> Co-authored-by: Miguel Ruiz <miguel.ruiz@broadcom.com>
278 lines
9.1 KiB
Smarty
278 lines
9.1 KiB
Smarty
{{/*
|
|
Copyright Broadcom, Inc. All Rights Reserved.
|
|
SPDX-License-Identifier: APACHE-2.0
|
|
*/}}
|
|
|
|
{{/*
|
|
Return the proper Keycloak image name
|
|
*/}}
|
|
{{- define "keycloak.image" -}}
|
|
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the proper keycloak-config-cli image name
|
|
*/}}
|
|
{{- define "keycloak.keycloakConfigCli.image" -}}
|
|
{{ include "common.images.image" (dict "imageRoot" .Values.keycloakConfigCli.image "global" .Values.global) }}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the proper Docker Image Registry Secret Names
|
|
*/}}
|
|
{{- define "keycloak.imagePullSecrets" -}}
|
|
{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.keycloakConfigCli.image) "context" .) -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Create a default fully qualified postgresql name.
|
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
|
*/}}
|
|
{{- define "keycloak.postgresql.fullname" -}}
|
|
{{- include "common.names.dependency.fullname" (dict "chartName" "postgresql" "chartValues" .Values.postgresql "context" .) -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Create a default fully qualified headless service name.
|
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
|
*/}}
|
|
{{- define "keycloak.headless.serviceName" -}}
|
|
{{- printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Create a default fully qualified headless service name.
|
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
|
*/}}
|
|
{{- define "keycloak.headless.ispn.serviceName" -}}
|
|
{{- printf "%s-headless-ispn-%s" (include "common.names.fullname" .) (replace "." "-" .Chart.AppVersion) | trunc 63 | trimSuffix "-" -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Create the name of the service account to use
|
|
*/}}
|
|
{{- define "keycloak.serviceAccountName" -}}
|
|
{{- if .Values.serviceAccount.create -}}
|
|
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
|
|
{{- else -}}
|
|
{{ default "default" .Values.serviceAccount.name }}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the Keycloak configuration ConfigMap name.
|
|
*/}}
|
|
{{- define "keycloak.configmapName" -}}
|
|
{{- if .Values.existingConfigmap -}}
|
|
{{- tpl .Values.existingConfigmap . -}}
|
|
{{- else -}}
|
|
{{- printf "%s-configuration" (include "common.names.fullname" .) -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the secret containing the Keycloak admin password
|
|
*/}}
|
|
{{- define "keycloak.secretName" -}}
|
|
{{- if .Values.auth.existingSecret -}}
|
|
{{- tpl .Values.auth.existingSecret . -}}
|
|
{{- else -}}
|
|
{{- include "common.names.fullname" . -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the secret key that contains the Keycloak admin password
|
|
*/}}
|
|
{{- define "keycloak.secretKey" -}}
|
|
{{- if and .Values.auth.existingSecret .Values.auth.passwordSecretKey -}}
|
|
{{- tpl .Values.auth.passwordSecretKey . -}}
|
|
{{- else -}}
|
|
{{- print "admin-password" -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the keycloak-config-cli configuration ConfigMap name.
|
|
*/}}
|
|
{{- define "keycloak.keycloakConfigCli.configmapName" -}}
|
|
{{- if .Values.keycloakConfigCli.existingConfigmap -}}
|
|
{{- tpl .Values.keycloakConfigCli.existingConfigmap . -}}
|
|
{{- else -}}
|
|
{{- printf "%s-keycloak-config-cli-configmap" (include "common.names.fullname" .) -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the Database hostname
|
|
*/}}
|
|
{{- define "keycloak.database.host" -}}
|
|
{{- if .Values.postgresql.enabled -}}
|
|
{{- include "keycloak.postgresql.fullname" . -}}{{- if eq .Values.postgresql.architecture "replication" }}-primary{{- end -}}
|
|
{{- else -}}
|
|
{{- tpl .Values.externalDatabase.host . -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the Database port
|
|
*/}}
|
|
{{- define "keycloak.database.port" -}}
|
|
{{- ternary "5432" .Values.externalDatabase.port .Values.postgresql.enabled -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the Database database name
|
|
*/}}
|
|
{{- define "keycloak.database.name" -}}
|
|
{{- if .Values.postgresql.enabled }}
|
|
{{- coalesce (((.Values.global).postgresql).auth).database .Values.postgresql.auth.database "postgres" -}}
|
|
{{- else -}}
|
|
{{- tpl .Values.externalDatabase.database . -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the Database user
|
|
*/}}
|
|
{{- define "keycloak.database.user" -}}
|
|
{{- if .Values.postgresql.enabled -}}
|
|
{{- coalesce (((.Values.global).postgresql).auth).username .Values.postgresql.auth.username | default "" -}}
|
|
{{- else -}}
|
|
{{- tpl .Values.externalDatabase.user . -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the Database schema
|
|
*/}}
|
|
{{- define "keycloak.database.schema" -}}
|
|
{{- ternary "public" .Values.externalDatabase.schema .Values.postgresql.enabled -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return extra connection parameters for the Database DSN
|
|
*/}}
|
|
{{- define "keycloak.database.extraParams" -}}
|
|
{{- if .Values.externalDatabase.extraParams -}}
|
|
{{- printf "&%s" (tpl .Values.externalDatabase.extraParams .) -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the Database secret name
|
|
*/}}
|
|
{{- define "keycloak.database.secretName" -}}
|
|
{{- if .Values.postgresql.enabled -}}
|
|
{{- if not (empty (coalesce (((.Values.global).postgresql).auth).existingSecret .Values.postgresql.auth.existingSecret | default "")) -}}
|
|
{{- tpl (coalesce (((.Values.global).postgresql).auth).existingSecret .Values.postgresql.auth.existingSecret) . -}}
|
|
{{- else -}}
|
|
{{- include "keycloak.postgresql.fullname" . -}}
|
|
{{- end -}}
|
|
{{- else if not (empty .Values.externalDatabase.existingSecret) -}}
|
|
{{- tpl .Values.externalDatabase.existingSecret . -}}
|
|
{{- else -}}
|
|
{{- printf "%s-externaldb" (include "common.names.fullname" .) -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the Database secret key that contains the database user
|
|
*/}}
|
|
{{- define "keycloak.database.secretUserKey" -}}
|
|
{{- default "db-user" .Values.externalDatabase.existingSecretUserKey -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the Database secret key that contains the database password
|
|
*/}}
|
|
{{- define "keycloak.database.secretPasswordKey" -}}
|
|
{{- if .Values.postgresql.enabled -}}
|
|
{{- default "password" .Values.postgresql.auth.secretKeys.userPasswordKey -}}
|
|
{{- else if .Values.externalDatabase.existingSecret -}}
|
|
{{- default "db-password" .Values.externalDatabase.existingSecretPasswordKey -}}
|
|
{{- else -}}
|
|
{{- print "db-password" -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the Keycloak initdb scripts ConfigMap name.
|
|
*/}}
|
|
{{- define "keycloak.initdbScripts.configmapName" -}}
|
|
{{- if .Values.initdbScriptsConfigMap -}}
|
|
{{- tpl .Values.initdbScriptsConfigMap . -}}
|
|
{{- else -}}
|
|
{{- printf "%s-init-scripts" (include "common.names.fullname" .) -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the secret containing Keycloak HTTPS/TLS certificates
|
|
*/}}
|
|
{{- define "keycloak.tls.secretName" -}}
|
|
{{- if .Values.tls.existingSecret -}}
|
|
{{- tpl .Values.tls.existingSecret . -}}
|
|
{{- else -}}
|
|
{{- printf "%s-crt" (include "common.names.fullname" .) -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Return the secret containing Keycloak HTTPS/TLS keystore and truststore passwords
|
|
*/}}
|
|
{{- define "keycloak.tls.passwordsSecretName" -}}
|
|
{{- if .Values.tls.passwordsSecret -}}
|
|
{{- tpl .Values.tls.passwordsSecret . -}}
|
|
{{- else -}}
|
|
{{- printf "%s-tls-passwords" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Compile all warnings into a single message.
|
|
*/}}
|
|
{{- define "keycloak.validateValues" -}}
|
|
{{- $messages := list -}}
|
|
{{- $messages := append $messages (include "keycloak.validateValues.database" .) -}}
|
|
{{- $messages := append $messages (include "keycloak.validateValues.tls" .) -}}
|
|
{{- $messages := append $messages (include "keycloak.validateValues.production" .) -}}
|
|
{{- $messages := without $messages "" -}}
|
|
{{- $message := join "\n" $messages -}}
|
|
|
|
{{- if $message -}}
|
|
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/* Validate values of Keycloak - database */}}
|
|
{{- define "keycloak.validateValues.database" -}}
|
|
{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.host) -}}
|
|
keycloak: database
|
|
You disabled the PostgreSQL sub-chart but did not specify an external PostgreSQL host.
|
|
Either deploy the PostgreSQL sub-chart (--set postgresql.enabled=true),
|
|
or set a value for the external database host (--set externalDatabase.host=FOO)
|
|
and set a value for the external database password (--set externalDatabase.password=BAR)
|
|
or existing secret (--set externalDatabase.existingSecret=BAR).
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/* Validate values of Keycloak - TLS enabled */}}
|
|
{{- define "keycloak.validateValues.tls" -}}
|
|
{{- if and .Values.tls.enabled (not .Values.tls.autoGenerated.enabled) (not .Values.tls.existingSecret) }}
|
|
keycloak: tls.enabled
|
|
In order to enable TLS, you need to provide a secret with the TLS
|
|
certificates (--set tls.existingSecret=FOO) or enable auto-generated
|
|
TLS certificates (--set tls.autoGenerated.enabled=true).
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/* Validate values of Keycloak - Production mode enabled */}}
|
|
{{- define "keycloak.validateValues.production" -}}
|
|
{{- if and .Values.production (not .Values.tls.enabled) (empty .Values.proxyHeaders) -}}
|
|
keycloak: production
|
|
In order to enable Production mode, you also need to enable
|
|
HTTPS/TLS (--set tls.enabled=true) or use proxy headers (--set proxyHeaders=FOO).
|
|
{{- end -}}
|
|
{{- end -}}
|