github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/keycloak/templates/statefulset.yaml (about) 1 apiVersion: apps/v1 2 kind: StatefulSet 3 metadata: 4 name: {{ include "keycloak.fullname" . }} 5 namespace: {{ .Release.Namespace }} 6 {{- with .Values.statefulsetAnnotations }} 7 annotations: 8 {{- range $key, $value := . }} 9 {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }} 10 {{- end }} 11 {{- end }} 12 labels: 13 {{- include "keycloak.labels" . | nindent 4 }} 14 {{- range $key, $value := .Values.statefulsetLabels }} 15 {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }} 16 {{- end }} 17 spec: 18 selector: 19 matchLabels: 20 {{- include "keycloak.selectorLabels" . | nindent 6 }} 21 {{- if not .Values.autoscaling.enabled }} 22 replicas: {{ .Values.replicas }} 23 {{- end }} 24 serviceName: {{ include "keycloak.fullname" . }}-headless 25 podManagementPolicy: {{ .Values.podManagementPolicy }} 26 updateStrategy: 27 type: {{ .Values.updateStrategy }} 28 template: 29 metadata: 30 annotations: 31 checksum/config-startup: {{ include (print .Template.BasePath "/configmap-startup.yaml") . | sha256sum }} 32 checksum/secrets: {{ tpl (toYaml .Values.secrets) . | sha256sum }} 33 {{- range $key, $value := .Values.podAnnotations }} 34 {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 8 }} 35 {{- end }} 36 labels: 37 {{- include "keycloak.selectorLabels" . | nindent 8 }} 38 {{- range $key, $value := .Values.podLabels }} 39 {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 8 }} 40 {{- end }} 41 spec: 42 {{- if not .Values.skipInitContainers }} 43 {{- if or .Values.dbchecker.enabled .Values.extraInitContainers }} 44 initContainers: 45 {{- if and .Values.dbchecker.enabled }} 46 - name: dbchecker 47 image: "{{ .Values.dbchecker.image.repository }}:{{ .Values.dbchecker.image.tag }}" 48 imagePullPolicy: {{ .Values.dbchecker.image.pullPolicy }} 49 securityContext: 50 {{- toYaml .Values.dbchecker.securityContext | nindent 12 }} 51 command: 52 - sh 53 - -c 54 - | 55 echo 'Waiting for Database to become ready...' 56 57 until printf "." && nc -z -w 2 {{ required ".Values.database.hostname is required if dbchecker is enabled!" .Values.database.hostname }} {{ required ".Values.database.port is required if dbchecker is enabled!" .Values.database.port }}; do 58 sleep 2; 59 done; 60 61 echo 'Database OK ✓' 62 resources: 63 {{- toYaml .Values.dbchecker.resources | nindent 12 }} 64 {{- end }} 65 {{- with .Values.extraInitContainers }} 66 {{- tpl . $ | nindent 8 }} 67 {{- end }} 68 {{- end }} 69 {{- end }} 70 containers: 71 - name: keycloak 72 securityContext: 73 {{- toYaml .Values.securityContext | nindent 12 }} 74 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" 75 imagePullPolicy: {{ .Values.image.pullPolicy }} 76 {{- if .Values.command }} 77 command: 78 {{- toYaml .Values.command | nindent 12 }} 79 {{- end }} 80 {{- if .Values.args }} 81 args: 82 {{- toYaml .Values.args | nindent 12 }} 83 {{- end }} 84 {{- with .Values.lifecycleHooks }} 85 lifecycle: 86 {{- tpl . $ | nindent 12 }} 87 {{- end }} 88 env: 89 {{- if and (.Values.http.relativePath) (eq .Values.http.relativePath "/") }} 90 - name: KC_HTTP_RELATIVE_PATH 91 value: {{ tpl .Values.http.relativePath $ }} 92 {{ else }} 93 - name: KC_HTTP_RELATIVE_PATH 94 value: {{ tpl .Values.http.relativePath $ | trimSuffix "/" }} 95 {{- end }} 96 {{- if eq .Values.cache.stack "default" }} 97 - name: KC_CACHE 98 value: "ispn" 99 - name: KC_CACHE_STACK 100 value: "kubernetes" 101 {{- end }} 102 {{- if .Values.proxy.enabled }} 103 - name: KC_PROXY 104 value: {{ .Values.proxy.mode }} 105 {{- end }} 106 {{- if .Values.database.vendor }} 107 - name: KC_DB 108 value: {{ .Values.database.vendor }} 109 {{- end }} 110 {{- if .Values.database.hostname }} 111 - name: KC_DB_URL_HOST 112 value: {{ .Values.database.hostname }} 113 {{- end }} 114 {{- if .Values.database.port }} 115 - name: KC_DB_URL_PORT 116 value: {{ .Values.database.port | quote }} 117 {{- end }} 118 {{- if .Values.database.database }} 119 - name: KC_DB_URL_DATABASE 120 value: {{ .Values.database.database }} 121 {{- end }} 122 {{- if .Values.database.username }} 123 - name: KC_DB_USERNAME 124 value: {{ .Values.database.username }} 125 {{- end }} 126 {{- if or .Values.database.password .Values.database.existingSecret -}} 127 {{- include "keycloak.databasePasswordEnv" . | nindent 12 }} 128 {{- end }} 129 {{- if .Values.metrics.enabled }} 130 - name: KC_METRICS_ENABLED 131 value: "true" 132 {{- end }} 133 {{- if .Values.health.enabled }} 134 - name: KC_HEALTH_ENABLED 135 value: "true" 136 {{- end }} 137 {{- with .Values.extraEnv }} 138 {{- tpl . $ | nindent 12 }} 139 {{- end }} 140 envFrom: 141 {{- with .Values.extraEnvFrom }} 142 {{- tpl . $ | nindent 12 }} 143 {{- end }} 144 ports: 145 - name: http 146 containerPort: 8080 147 protocol: TCP 148 {{- if .Values.service.httpsPort }} 149 - name: https 150 containerPort: 8443 151 protocol: TCP 152 {{- end }} 153 {{- with .Values.extraPorts }} 154 {{- toYaml . | nindent 12 }} 155 {{- end }} 156 {{- if .Values.health.enabled }} 157 {{- with .Values.livenessProbe }} 158 livenessProbe: 159 {{- tpl . $ | nindent 12 }} 160 {{- end }} 161 {{- if .Values.metrics.enabled }} 162 {{- with .Values.readinessProbe }} 163 readinessProbe: 164 {{- tpl . $ | nindent 12 }} 165 {{- end }} 166 {{- end}} 167 {{- with .Values.startupProbe }} 168 startupProbe: 169 {{- tpl . $ | nindent 12 }} 170 {{- end }} 171 {{- end }} 172 resources: 173 {{- toYaml .Values.resources | nindent 12 }} 174 volumeMounts: 175 {{- with .Values.extraVolumeMounts }} 176 {{- tpl . $ | nindent 12 }} 177 {{- end }} 178 {{- with .Values.extraContainers }} 179 {{- tpl . $ | nindent 8 }} 180 {{- end }} 181 {{- with .Values.imagePullSecrets }} 182 imagePullSecrets: 183 {{- toYaml . | nindent 8 }} 184 {{- end }} 185 serviceAccountName: {{ include "keycloak.serviceAccountName" . }} 186 securityContext: 187 {{- toYaml .Values.podSecurityContext | nindent 8 }} 188 {{- with .Values.hostAliases }} 189 hostAliases: 190 {{- toYaml . | nindent 8 }} 191 {{- end }} 192 enableServiceLinks: {{ .Values.enableServiceLinks }} 193 restartPolicy: {{ .Values.restartPolicy }} 194 {{- with .Values.nodeSelector }} 195 nodeSelector: 196 {{- toYaml . | nindent 8 }} 197 {{- end }} 198 {{- with .Values.affinity }} 199 affinity: 200 {{- tpl . $ | nindent 8 }} 201 {{- end }} 202 {{- with .Values.topologySpreadConstraints }} 203 topologySpreadConstraints: 204 {{- tpl . $ | nindent 8 }} 205 {{- end }} 206 {{- with .Values.tolerations }} 207 tolerations: 208 {{- toYaml . | nindent 8 }} 209 {{- end }} 210 {{- with .Values.priorityClassName }} 211 priorityClassName: {{ . }} 212 {{- end }} 213 terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} 214 volumes: 215 {{- with .Values.startupScripts }} 216 - name: startup 217 configMap: 218 name: {{ include "keycloak.fullname" $ }}-startup 219 defaultMode: 0555 220 items: 221 {{- range $key, $value := . }} 222 - key: {{ $key }} 223 path: {{ $key }} 224 {{- end }} 225 {{- end }} 226 {{- with .Values.extraVolumes }} 227 {{- tpl . $ | nindent 8 }} 228 {{- end }}