| {{- /* |
| # ***************************************************************************** |
| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| # |
| # ****************************************************************************** |
| */ -}} |
| |
| {{- $highAvailability := gt (int .Values.keycloak.replicas) 1 -}} |
| apiVersion: apps/v1 |
| kind: StatefulSet |
| metadata: |
| name: {{ include "keycloak.fullname" . }} |
| labels: |
| {{- include "keycloak.commonLabels" . | nindent 4 }} |
| spec: |
| selector: |
| matchLabels: |
| {{- include "keycloak.selectorLabels" . | nindent 6 }} |
| replicas: {{ .Values.keycloak.replicas }} |
| serviceName: {{ include "keycloak.fullname" . }}-headless |
| podManagementPolicy: Parallel |
| updateStrategy: |
| type: RollingUpdate |
| template: |
| metadata: |
| labels: |
| {{- include "keycloak.selectorLabels" . | nindent 8 }} |
| {{- with .Values.keycloak.podLabels }} |
| {{- toYaml . | nindent 8 }} |
| {{- end }} |
| annotations: |
| checksum/config-sh: {{ include (print .Template.BasePath "/configmap-sh.yaml") . | sha256sum }} |
| checksum/config-startup: {{ include (print .Template.BasePath "/configmap-startup.yaml") . | sha256sum }} |
| {{- with .Values.keycloak.podAnnotations }} |
| {{- range $key, $value := . }} |
| {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 8 }} |
| {{- end }} |
| {{- end }} |
| spec: |
| {{- with .Values.keycloak.hostAliases }} |
| hostAliases: |
| {{- toYaml . | nindent 8 }} |
| {{- end }} |
| {{- if .Values.keycloak.enableServiceLinks }} |
| enableServiceLinks: {{ .Values.keycloak.enableServiceLinks }} |
| {{- end }} |
| restartPolicy: {{ .Values.keycloak.restartPolicy }} |
| serviceAccountName: {{ include "keycloak.serviceAccountName" . }} |
| securityContext: |
| {{- toYaml .Values.keycloak.securityContext | nindent 8 }} |
| {{- with .Values.keycloak.image.pullSecrets }} |
| imagePullSecrets: |
| {{- range . }} |
| - name: {{ . }} |
| {{- end }} |
| {{- end }} |
| {{- if or .Values.keycloak.persistence.deployPostgres .Values.keycloak.extraInitContainers }} |
| initContainers: |
| {{- if .Values.keycloak.persistence.deployPostgres }} |
| - name: wait-for-postgresql |
| image: "{{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}" |
| imagePullPolicy: {{ .Values.init.image.pullPolicy }} |
| securityContext: |
| {{- toYaml .Values.keycloak.containerSecurityContext | nindent 12 }} |
| command: |
| - sh |
| - -c |
| - | |
| until printf "." && nc -z -w 2 {{ include "keycloak.postgresql.fullname" . }} {{ .Values.postgresql.service.port }}; do |
| sleep 2; |
| done; |
| |
| echo 'PostgreSQL OK ✓' |
| resources: |
| {{- toYaml .Values.init.resources | nindent 12 }} |
| {{- end }} |
| {{- with .Values.keycloak.extraInitContainers }} |
| {{- tpl . $ | nindent 8 }} |
| {{- end }} |
| {{- end }} |
| containers: |
| - name: {{ .Chart.Name }} |
| image: "{{ .Values.keycloak.image.repository }}:{{ .Values.keycloak.image.tag }}" |
| imagePullPolicy: {{ .Values.keycloak.image.pullPolicy }} |
| securityContext: |
| {{- toYaml .Values.keycloak.containerSecurityContext | nindent 12 }} |
| command: |
| - /scripts/keycloak.sh |
| {{- with .Values.keycloak.lifecycleHooks }} |
| lifecycle: |
| {{- tpl . $ | nindent 12 }} |
| {{- end }} |
| env: |
| - name: KEYCLOAK_USER |
| value: {{ .Values.keycloak.username }} |
| - name: KEYCLOAK_PASSWORD_FILE |
| value: /secrets/{{ include "keycloak.passwordKey" . }} |
| {{- if $highAvailability }} |
| - name: JGROUPS_DISCOVERY_PROTOCOL |
| value: {{ .Values.keycloak.jgroups.discoveryProtocol }} |
| - name: JGROUPS_DISCOVERY_PROPERTIES |
| value: {{ tpl .Values.keycloak.jgroups.discoveryProperties . }} |
| - name: KEYCLOAK_SERVICE_DNS_NAME |
| value: "{{ include "keycloak.serviceDnsName" . }}" |
| {{- end }} |
| {{- include "keycloak.dbEnvVars" . | nindent 12 }} |
| {{- with .Values.keycloak.extraEnv }} |
| {{- tpl . $ | nindent 12 }} |
| {{- end }} |
| volumeMounts: |
| - name: sh |
| mountPath: /scripts |
| readOnly: true |
| - name: secrets |
| mountPath: /secrets |
| readOnly: true |
| {{- if or .Values.keycloak.cli.enabled .Values.keycloak.startupScripts }} |
| - name: startup |
| mountPath: /opt/jboss/startup-scripts |
| readOnly: true |
| {{- end }} |
| {{- with .Values.keycloak.extraVolumeMounts }} |
| {{- tpl . $ | nindent 12 }} |
| {{- end }} |
| ports: |
| - name: http |
| containerPort: 8080 |
| protocol: TCP |
| - name: https |
| containerPort: 8443 |
| protocol: TCP |
| {{- if $highAvailability }} |
| - name: jgroups |
| containerPort: 7600 |
| protocol: TCP |
| {{- end }} |
| {{- with .Values.keycloak.extraPorts }} |
| {{- tpl . $ | nindent 12 }} |
| {{- end }} |
| {{- with .Values.keycloak.livenessProbe }} |
| livenessProbe: |
| {{- tpl . $ | nindent 12 }} |
| {{- end }} |
| {{- with .Values.keycloak.readinessProbe }} |
| readinessProbe: |
| {{- tpl . $ | nindent 12 }} |
| {{- end }} |
| resources: |
| {{- toYaml .Values.keycloak.resources | nindent 12 }} |
| {{- with .Values.keycloak.extraContainers }} |
| {{- tpl . $ | nindent 8 }} |
| {{- end }} |
| {{- with .Values.keycloak.affinity }} |
| affinity: |
| {{- tpl . $ | nindent 8 }} |
| {{- end }} |
| {{- with .Values.keycloak.nodeSelector }} |
| nodeSelector: |
| {{- toYaml . | nindent 8 }} |
| {{- end }} |
| {{- with .Values.keycloak.tolerations }} |
| tolerations: |
| {{- toYaml . | nindent 8 }} |
| {{- end }} |
| {{- with .Values.keycloak.priorityClassName }} |
| priorityClassName: {{ . }} |
| {{- end }} |
| terminationGracePeriodSeconds: 60 |
| volumes: |
| - name: sh |
| configMap: |
| name: {{ include "keycloak.fullname" . }}-sh |
| defaultMode: 0555 |
| - name: secrets |
| secret: |
| secretName: {{ include "keycloak.secret" . }} |
| {{- if or .Values.keycloak.cli.enabled .Values.keycloak.startupScripts }} |
| - name: startup |
| configMap: |
| name: {{ include "keycloak.fullname" . }}-startup |
| defaultMode: 0555 |
| {{- end }} |
| {{- with .Values.keycloak.extraVolumes }} |
| {{- tpl . $ | nindent 8 }} |
| {{- end }} |