Helm chart for upstream Keycloak Operator and instance.
Adding new lines

Fix typo in maintainer name...
jtudelag committed Jul 28, 2020
1 parent 6b6faa4 commit 07a4797
Showing 17 changed files with 1,653 additions and 0 deletions.
8 changes: 8 additions & 0 deletions charts/keycloak-operator/Chart.yaml
@@ -0,0 +1,8 @@
apiVersion: v2
appVersion: v10.0.0
description: A Helm chart for customising the deployment of the Keycloak Operator and a Keycloak instance ⚓️
name: keycloak-operator
version: 0.0.1
home: https://github.com/rht-labs/helm-charts
maintainers:
- name: jtudelag
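Review bot: `appVersion: v10.0.0` carries a `v` prefix, while the README in this commit documents the `version` value as `10.0.0` and says it matches the Quay.io image version, so the operator version is now recorded in two places in two formats. Drop the prefix here, or have the Deployment template fall back to the chart's appVersion so there is a single value to bump.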
42 changes: 42 additions & 0 deletions charts/keycloak-operator/README.md
@@ -0,0 +1,42 @@
# ⚓️ Upstream Keycloak Operator Helm Deploy

Keycloak Operator Helm Chart customises and deploys the [Operator](https://github.com/keycloak/keycloak-operator) written by Keycloak Community and [Keycloak](hhttps://www.keycloak.org/) instance (optionally).

This chart deploys the Keycloak Operator using a Deployment, instead of using the OLM (Subscription and Operator Group).

So, two things are installed with this chart:
* Keycloak Operator
* (Optional) A one replica [keycloak instance](templates/KeycloakInstance.yaml) managed by the operator. No other Keycloak resources such as realms or users are deployed.

One thing to note, the default credentials to access the Keycloak instance admin console are managed by the operator and stored in a secret in the same Namespace:
```bash
oc get secrets -l app=keycloak | grep credential
```

## Installing the chart

To install the chart:

```bash
$ helm template -f keycloak-operator/values.yaml keycloak-operator | oc apply -f-
```

The above command creates objects with default naming convention and configuration.
The [configuration](#configuration) section lists the parameters that can be configured during installation.

## Configuration
The following table lists the configurable parameters of the Keykloak Operator chart and their default values.
A simple instance of Keycloak is deployed among the Operator. You can check it [here](templates/KeycloakInstance.yaml).

For more keycloak instance examples you can check the [keycloak-operator repo examples](https://github.com/keycloak/keycloak-operator/tree/10.0.0/deploy/examples/keycloak).

You can check also the [examples in the repo](https://github.com/keycloak/keycloak-operator/tree/10.0.0/deploy/examples) for other CRs managed by the Operator, such as `keycloak realms`, `keycloak users` or `keycloak clients`


| Parameter | Description | Default |
| ------------------------------------------------ | -------------------------------------------------------------| ------------------------------------- |
| `enabled` | Chart is enbaled or not. | `true` |
| `name` | Chart name. | `uj-keycloak` |
| `namespace` | Namespace to depoly the Operator and the Keycloak instance. | `labs-ci-cd` |
| `version` | Keycloak Operator version. Matches Quay.io image version. | `10.0.0` |
| `keycloak_instance` | Deploy a keycloak instance. | `true` |
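Review bot: The Keycloak link in the opening paragraph is broken: `[Keycloak](hhttps://www.keycloak.org/)` has a doubled `h` in the scheme. The Configuration section also needs a spelling pass (`Keykloak`, `enbaled`, `depoly`). The install step pipes `helm template` into `oc apply`, so nothing is recorded as a Helm release; add a sentence on how to upgrade or remove what was applied. Where the README mentions the admin credentials secret, it is worth stating who can read it, since the ClusterRole added in this commit gives the operator `get` and `list` on `secrets`.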
21 changes: 21 additions & 0 deletions charts/keycloak-operator/templates/KeycloakInstance.yaml
@@ -0,0 +1,21 @@
{{- if and .Values.enabled .Values.keycloak_instance }}
---
apiVersion: keycloak.org/v1alpha1
kind: Keycloak
metadata:
name: {{ .Values.name }}
namespace: {{ .Values.namespace }}
labels:
app: {{ .Values.name }}
app.kubernetes.io/component: keycloak
app.kubernetes.io/name: {{ .Values.namespace }}-keycloak
app.kubernetes.io/part-of: {{ .Values.namespace }}
spec:
instances: 1
extensions:
- https://github.com/aerogear/keycloak-metrics-spi/releases/download/1.0.4/keycloak-metrics-spi-1.0.4.jar
externalAccess:
enabled: True
podDisruptionBudget:
enabled: True
{{- end }}
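Review bot: The `extensions` entry pulls `keycloak-metrics-spi-1.0.4.jar` from a GitHub release URL, and nothing in this template pins a checksum for it, even though the JAR ends up deployed inside the identity provider. Make the list a chart value (empty by default, or pointing at an internally mirrored artifact) so each install decides what gets loaded. `externalAccess.enabled: True` is hard-coded as well; the README says the admin console is protected by operator-managed default credentials, so expose this as a value to let an install keep the instance internal. Neither setting is listed in the README parameter table.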
138 changes: 138 additions & 0 deletions charts/keycloak-operator/templates/cluster_role.yaml
@@ -0,0 +1,138 @@
{{- if .Values.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: keycloak-operator
labels:
app.kubernetes.io/component: keycloak-operator
app.kubernetes.io/name: {{ .Values.namespace }}-keycloak-operator
app.kubernetes.io/part-of: {{ .Values.namespace }}
rules:
- apiGroups:
- ""
resources:
- pods
- services
- services/finalizers
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
verbs:
- list
- get
- create
- patch
- update
- watch
- delete
- apiGroups:
- apps
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
verbs:
- list
- get
- create
- update
- watch
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- list
- get
- create
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- list
- get
- create
- update
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- list
- get
- create
- update
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
- podmonitors
- prometheusrules
verbs:
- list
- get
- create
- update
- watch
- apiGroups:
- integreatly.org
resources:
- grafanadashboards
verbs:
- get
- list
- create
- update
- watch
- apiGroups:
- apps
resourceNames:
- keycloak-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- get
- list
- create
- update
- watch
- apiGroups:
- keycloak.org
resources:
- keycloaks
- keycloaks/status
- keycloaks/finalizers
- keycloakrealms
- keycloakrealms/status
- keycloakrealms/finalizers
- keycloakclients
- keycloakclients/status
- keycloakclients/finalizers
- keycloakbackups
- keycloakbackups/status
- keycloakbackups/finalizers
- keycloakusers
- keycloakusers/status
- keycloakusers/finalizers
verbs:
- get
- list
- update
- watch
{{- end }}
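Review bot: The first rule grants `list`, `get`, `create`, `patch`, `update`, `watch` and `delete` on `secrets` (alongside `pods`, `configmaps` and the rest of the core group) in a ClusterRole, so once it is bound the operator's service account can read and delete secrets in every namespace. The Deployment in this commit sets `WATCH_NAMESPACE` from `metadata.namespace`, which means the operator only acts in its own namespace; a namespaced `Role` and `RoleBinding` in `{{ .Values.namespace }}` would cover that without cluster-wide reach. If the ClusterRole has to stay, move `secrets` into its own rule with only the verbs the operator needs.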
19 changes: 19 additions & 0 deletions charts/keycloak-operator/templates/cluster_role_binding.yaml
@@ -0,0 +1,19 @@
{{- if .Values.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: keycloak-operator
labels:
app.kubernetes.io/component: keycloak-operator
app.kubernetes.io/name: {{ .Values.namespace }}-keycloak-operator
app.kubernetes.io/part-of: {{ .Values.namespace }}
roleRef:
name: keycloak-operator
kind: ClusterRole
apiGroup: ""
subjects:
- kind: ServiceAccount
name: keycloak-operator
namespace: {{ .Values.namespace }}
{{- end }}
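Review bot: `metadata.name: keycloak-operator` is fixed while the subject's `namespace` is templated from `.Values.namespace`, so applying the chart a second time with a different namespace would repoint this single cluster-scoped binding and leave the first install's service account without its permissions. Put the namespace in the binding name, as the `app.kubernetes.io/name` label already does, or switch to a namespaced RoleBinding. It would also be clearer to set `roleRef.apiGroup` to `rbac.authorization.k8s.io` explicitly rather than `""`.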
@@ -0,0 +1,41 @@
{{- if .Values.enabled }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak-operator
namespace: {{ .Values.namespace }}
labels:
app.kubernetes.io/component: keycloak-operator
app.kubernetes.io/name: {{ .Values.namespace }}-keycloak-operator
app.kubernetes.io/part-of: {{ .Values.namespace }}
spec:
replicas: 1
selector:
matchLabels:
name: keycloak-operator
template:
metadata:
labels:
name: keycloak-operator
spec:
serviceAccountName: keycloak-operator
containers:
- name: keycloak-operator
# Replace this with the built image name
image: quay.io/keycloak/keycloak-operator:{{ .Values.version }}
command:
- keycloak-operator
imagePullPolicy: Always
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: "keycloak-operator"
{{- end }}
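Review bot: `image: quay.io/keycloak/keycloak-operator:{{ .Values.version }}` combined with `imagePullPolicy: Always` means every pod restart pulls whatever the tag points to at that moment, and this pod runs as the `keycloak-operator` service account that the ClusterRoleBinding ties to cluster-wide secrets access. Let the chart accept an image digest, or document pinning one, so the running operator is a known build. The container also declares no `resources` and no `securityContext`; add requests and limits, and set `runAsNonRoot: true` and `allowPrivilegeEscalation: false` if the image supports it. The comment `# Replace this with the built image name` no longer matches the templated image line below it and can be removed.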