diff options
Diffstat (limited to 'kubernetes/authentication/components/keycloak-config-cli')
7 files changed, 396 insertions, 0 deletions
diff --git a/kubernetes/authentication/components/keycloak-config-cli/.helmignore b/kubernetes/authentication/components/keycloak-config-cli/.helmignore new file mode 100644 index 0000000000..0e8a0eb36f --- /dev/null +++ b/kubernetes/authentication/components/keycloak-config-cli/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kubernetes/authentication/components/keycloak-config-cli/Chart.yaml b/kubernetes/authentication/components/keycloak-config-cli/Chart.yaml new file mode 100644 index 0000000000..80e5d27c9f --- /dev/null +++ b/kubernetes/authentication/components/keycloak-config-cli/Chart.yaml @@ -0,0 +1,45 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright © adorsys GmbH & Co. KG +# Modifications © 2022 Deutsche Telekom +# ================================================================================ +# Original licence (https://github.com/codecentric/helm-charts/blob/master/LICENSE) +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +apiVersion: v2 +name: onap-keycloak-config-cli +description: Import JSON-formatted configuration files into Keycloak - Configuration as Code for Keycloak. +home: https://github.com/adorsys/keycloak-config-cli +version: 5.12.0 +appVersion: 5.12.0 +maintainers: + - name: jkroepke + email: joe@adorsys.de + url: https://github.com/jkroepke +keywords: + - keycloak + - config + - import + - json + - continuous-integration + - keycloak-config-cli +sources: + - https://github.com/adorsys/keycloak-config-cli + +dependencies: + - name: common + version: ~13.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~13.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/authentication/components/keycloak-config-cli/templates/_helpers.tpl b/kubernetes/authentication/components/keycloak-config-cli/templates/_helpers.tpl new file mode 100644 index 0000000000..cc1ad7ad8d --- /dev/null +++ b/kubernetes/authentication/components/keycloak-config-cli/templates/_helpers.tpl @@ -0,0 +1,68 @@ +{{/* + # Copyright © adorsys GmbH & Co. KG + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. +*/}} +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "keycloak-config-cli.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "keycloak-config-cli.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "keycloak-config-cli.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "keycloak-config-cli.labels" -}} +helm.sh/chart: {{ include "keycloak-config-cli.chart" . }} +{{ include "keycloak-config-cli.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "keycloak-config-cli.selectorLabels" -}} +app.kubernetes.io/name: {{ include "keycloak-config-cli.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + diff --git a/kubernetes/authentication/components/keycloak-config-cli/templates/job.yaml b/kubernetes/authentication/components/keycloak-config-cli/templates/job.yaml new file mode 100644 index 0000000000..322db2b7a1 --- /dev/null +++ b/kubernetes/authentication/components/keycloak-config-cli/templates/job.yaml @@ -0,0 +1,103 @@ +{{/* + # Copyright © adorsys GmbH & Co. KG + # Modifications © 2022, Deutsche Telekom + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. +*/}} +--- +apiVersion: batch/v1 +kind: Job +metadata: + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ template "keycloak-config-cli.fullname" . }} + labels: + {{- include "keycloak-config-cli.labels" . | nindent 4 }} +spec: + backoffLimit: {{ .Values.backoffLimit }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- . | nindent 8 }} + {{- end }} + labels: + {{- include "keycloak-config-cli.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + restartPolicy: Never + containers: + - name: keycloak-config-cli + image: "{{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.repository }}:{{ tpl .Values.image.tag $ }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- with .Values.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + env: + {{- range $name, $value := .Values.env }} + - name: {{ $name | quote }} + value: {{ tpl $value $ | quote }} + {{- end }} + {{- range $name, $value := .Values.secrets }} + - name: {{ $name | quote }} + valueFrom: + secretKeyRef: + name: "{{ template "keycloak-config-cli.fullname" $ }}" + key: {{ $name | quote }} + {{- end }} + {{- if and .Values.existingSecret .Values.existingSecretKey }} + - name: "KEYCLOAK_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ tpl .Values.existingSecret . }}" + key: "{{ .Values.existingSecretKey }}" + {{- end }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + - name: config + mountPath: /config + {{- with .Values.extraVolumeMounts }} + {{- tpl . $ | nindent 12 }} + {{- end }} + {{ include "common.waitForJobContainer" . | indent 8 | trim }} + volumes: + - name: config + secret: + {{- if .Values.existingConfigSecret }} + secretName: "{{ tpl .Values.existingConfigSecret $ }}" + {{- else }} + secretName: "{{ template "keycloak-config-cli.fullname" . }}-config-realms" + {{- end }} + defaultMode: 0555 + {{- with .Values.extraVolumes }} + {{- tpl . $ | nindent 8 }} + {{- end }} + {{- with .Values.serviceAccount }} + serviceAccountName: "{{ tpl . $ }}" + {{- end }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/kubernetes/authentication/components/keycloak-config-cli/templates/realms.yaml b/kubernetes/authentication/components/keycloak-config-cli/templates/realms.yaml new file mode 100644 index 0000000000..fa9363e9d0 --- /dev/null +++ b/kubernetes/authentication/components/keycloak-config-cli/templates/realms.yaml @@ -0,0 +1,32 @@ +{{/* + # Copyright © adorsys GmbH & Co. KG + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. +*/}} +{{ if not .Values.existingConfigSecret }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "keycloak-config-cli.fullname" . }}-config-realms + labels: + {{- include "keycloak-config-cli.labels" . | nindent 4 }} +data: + {{- range $name, $config := .Values.config }} + {{- if hasKey $config "file" }} + {{ $name }}.json: "{{ tpl ($.Files.Get $config.file) $ | b64enc }}" + {{- else if hasKey $config "inline" }} + {{ $name }}.json: "{{ tpl (toJson $config.inline) $ | b64enc }}" + {{- end }} + {{- end }} +{{- end }} diff --git a/kubernetes/authentication/components/keycloak-config-cli/templates/secrets.yaml b/kubernetes/authentication/components/keycloak-config-cli/templates/secrets.yaml new file mode 100644 index 0000000000..94505289e6 --- /dev/null +++ b/kubernetes/authentication/components/keycloak-config-cli/templates/secrets.yaml @@ -0,0 +1,28 @@ +{{/* + # Copyright © adorsys GmbH & Co. KG + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. +*/}} +{{ if .Values.secrets }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "keycloak-config-cli.fullname" . }} + labels: + {{- include "keycloak-config-cli.labels" . | nindent 4 }} +data: + {{- range $name, $value := .Values.secrets }} + {{ $name }}: "{{ tpl $value $ | b64enc }}" + {{- end }} + {{- end }} diff --git a/kubernetes/authentication/components/keycloak-config-cli/values.yaml b/kubernetes/authentication/components/keycloak-config-cli/values.yaml new file mode 100644 index 0000000000..46c67dd220 --- /dev/null +++ b/kubernetes/authentication/components/keycloak-config-cli/values.yaml @@ -0,0 +1,97 @@ +# Copyright © adorsys GmbH & Co. KG +# Modifications © 2022, Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +global: + pullPolicy: Always + persistence: {} + dockerHubRepository: docker.io + +fullnameOverride: "" +nameOverride: "" + +image: + repository: adorsys/keycloak-config-cli + tag: "{{ .Chart.AppVersion }}-22.0.4" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + # - myRegistryKeySecretName + +# Count of re(!)tries. A value of 2 means 3 tries in total. +backoffLimit: 1 + +# annotations of the Job. Define helm post hook here +# currently disabled to see the results and to be compliant with ArgoCD +#annotations: +# "helm.sh/hook": "post-install,post-upgrade,post-rollback" +# "helm.sh/hook-delete-policy": "hook-succeeded,before-hook-creation" +# "helm.sh/hook-weight": "5" + +labels: {} + +resources: {} + # limits: + # cpu: "100m" + # memory: "1024Mi" + # requests: + # cpu: "100m" +# memory: "1024Mi" + +env: + KEYCLOAK_URL: http://keycloak:8080 + KEYCLOAK_USER: admin + IMPORT_PATH: /config/ + +secrets: {} +# KEYCLOAK_PASSWORD: + +# Specifies an existing secret to be used for the admin password +existingSecret: "" + +# The key in the existing secret that stores the password +existingSecretKey: password + +securityContext: {} +containerSecurityContext: {} + +## Additional pod labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +podLabels: {} + +## Extra Annotations to be added to pod +podAnnotations: {} + +config: {} + # <realm name>: + # inline: + # realm: <realm name> + # clients: [] + # <realm name>: + # file: <path> + +existingConfigSecret: "" + +# Add additional volumes, e.g. for custom secrets +extraVolumes: "" + +# Add additional volumes mounts, e. g. for custom secrets +extraVolumeMounts: "" + +wait_for_job_container: + containers: + - 'keycloak-config-cli' |