Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
12 contributors

Users who have contributed to this file

@unguiculus @dojadop @jBouyoud @KoviaX @Towmeykaw @radumazi @alivespirit @swistaczek @edclement @anbarium @ben-healthforge @kir4h
161 lines (159 sloc) 5.61 KB
{{- $highAvailability := gt (int .Values.keycloak.replicas) 1 -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ template "keycloak.fullname" . }}
annotations:
checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }}
labels:
app: {{ template "keycloak.name" . }}
chart: {{ template "keycloak.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
selector:
matchLabels:
app: {{ template "keycloak.name" . }}
release: "{{ .Release.Name }}"
replicas: {{ .Values.keycloak.replicas }}
serviceName: {{ template "keycloak.fullname" . }}-headless
podManagementPolicy: Parallel
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: {{ template "keycloak.name" . }}
release: "{{ .Release.Name }}"
{{- if .Values.keycloak.podLabels }}
{{ toYaml .Values.keycloak.podLabels | indent 8 }}
{{- end }}
{{- if .Values.keycloak.podAnnotations }}
annotations:
{{ toYaml .Values.keycloak.podAnnotations | indent 8 }}
{{- end }}
spec:
{{- with .Values.keycloak.hostAliases }}
hostAliases:
{{ toYaml . | indent 8 }}
{{- end }}
securityContext:
{{ toYaml .Values.keycloak.securityContext | indent 8 }}
{{- with .Values.keycloak.image.pullSecrets }}
imagePullSecrets:
{{- range . }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- if or .Values.keycloak.persistence.deployPostgres .Values.keycloak.extraInitContainers }}
initContainers:
{{- if .Values.keycloak.persistence.deployPostgres }}
- name: wait-for-postgresql
image: "{{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}"
imagePullPolicy: {{ .Values.init.image.pullPolicy }}
command:
- sh
- -c
- |
until printf "." && nc -z -w 2 {{ template "keycloak.postgresql.fullname" . }} {{ .Values.postgresql.service.port }}; do
sleep 2;
done;
echo 'PostgreSQL OK ✓'
{{- end }}
{{- if .Values.keycloak.extraInitContainers }}
{{ tpl .Values.keycloak.extraInitContainers . | indent 8 }}
{{- end }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.keycloak.image.repository }}:{{ .Values.keycloak.image.tag }}"
imagePullPolicy: {{ .Values.keycloak.image.pullPolicy }}
command:
- /scripts/keycloak.sh
{{- if .Values.keycloak.lifecycleHooks }}
lifecycle:
{{ tpl .Values.keycloak.lifecycleHooks . | indent 12 }}
{{- end }}
env:
{{- if .Release.IsInstall }}
- name: KEYCLOAK_USER
value: {{ .Values.keycloak.username }}
- name: KEYCLOAK_PASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.keycloak.existingSecret }}
name: {{ .Values.keycloak.existingSecret }}
{{- else }}
name: {{ template "keycloak.fullname" . }}-http
{{- end }}
key: {{ .Values.keycloak.existingSecretKey }}
{{- end }}
{{- if $highAvailability }}
- name: JGROUPS_DISCOVERY_PROTOCOL
value: "dns.DNS_PING"
- name: JGROUPS_DISCOVERY_PROPERTIES
value: "dns_query={{ template "keycloak.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
{{- end }}
{{ include "keycloak.dbEnvVars" . | indent 12 }}
{{- with .Values.keycloak.extraEnv }}
{{ tpl . $ | indent 12 }}
{{- end }}
volumeMounts:
- name: scripts
mountPath: /scripts
{{- with .Values.keycloak.extraVolumeMounts }}
{{ tpl . $ | indent 12 }}
{{- end }}
ports:
- name: http
containerPort: 8080
protocol: TCP
{{- if $highAvailability }}
- name: jgroups
containerPort: 7600
protocol: TCP
{{- end }}
{{- with .Values.keycloak.extraPorts }}
{{ tpl . $ | indent 12 }}
{{- end }}
livenessProbe:
httpGet:
path: {{ if ne .Values.keycloak.basepath "" }}/{{ .Values.keycloak.basepath }}{{ end }}/
port: http
initialDelaySeconds: {{ .Values.keycloak.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.keycloak.livenessProbe.timeoutSeconds }}
readinessProbe:
httpGet:
path: {{ if ne .Values.keycloak.basepath "" }}/{{ .Values.keycloak.basepath }}{{ end }}/realms/master
port: http
initialDelaySeconds: {{ .Values.keycloak.readinessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.keycloak.readinessProbe.timeoutSeconds }}
resources:
{{ toYaml .Values.keycloak.resources | indent 12 }}
{{- with .Values.keycloak.extraContainers }}
{{ tpl . $ | indent 8 }}
{{- end }}
{{- with .Values.keycloak.affinity }}
affinity:
{{ tpl . $ | indent 8 }}
{{- end }}
{{- with .Values.keycloak.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.keycloak.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.keycloak.priorityClassName }}
priorityClassName: {{ .Values.keycloak.priorityClassName }}
{{- end }}
terminationGracePeriodSeconds: 60
volumes:
- name: scripts
configMap:
name: {{ template "keycloak.fullname" . }}
defaultMode: 0555
{{- with .Values.keycloak.extraVolumes }}
{{ tpl . $ | indent 8 }}
{{- end }}
You can’t perform that action at this time.