This repository has been archived by the owner on Nov 16, 2022. It is now read-only.

KEYCLOAK-14782 KEYCLOAK-14470 KEYCLOAK-12677 Custom Configuration
slaskawi committed Oct 23, 2020
1 parent e655f80 commit bcaf4f1
Showing 13 changed files with 834 additions and 85 deletions.
183 changes: 183 additions & 0 deletions deploy/crds/keycloak.org_keycloaks_crd.yaml
Expand Up @@ -99,6 +99,189 @@ spec:
keycloakDeploymentSpec:
description: Resources (Requests and Limits) for KeycloakDeployment.
properties:
experimental:
description: 'Experimental section NOTE: This section might change
or get removed without any notice. It may also cause the deployment
to behave in an unpredictable fashion. Please use with care.'
properties:
args:
description: Arguments to the entrypoint. Translates into Container
CMD.
items:
type: string
type: array
command:
description: Container command. Translates into Container ENTRYPOINT.
items:
type: string
type: array
env:
description: List of environment variables to set in the container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be
a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previous defined environment variables in
the container and any service environment variables.
If a variable cannot be resolved, the reference in the
input string will be unchanged. The $(VAR_NAME) syntax
can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
references will never be expanded, regardless of whether
the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or
its key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, metadata.namespace, metadata.labels,
metadata.annotations, spec.nodeName, spec.serviceAccountName,
status.hostIP, status.podIP, status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
volumes:
description: Additional volume mounts
properties:
defaultMode:
description: Permissions mode.
format: int32
type: integer
items:
items:
properties:
configMap:
description: ConfigMap mount
properties:
items:
description: ConfigMap mount details
items:
description: Maps a string key to a path within
a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits to use
on this file, must be a value between
0 and 0777. If not specified, the volume
defaultMode will be used. This might be
in conflict with other options that affect
the file mode, like fsGroup, and the result
can be other mode bits set.'
format: int32
type: integer
path:
description: The relative path of the file
to map the key to. May not be an absolute
path. May not contain the path element
'..'. May not start with the string '..'.
type: string
required:
- key
- path
type: object
type: array
mountPath:
description: An absolute path where to mount it
type: string
name:
description: ConfigMap name
type: string
required:
- mountPath
type: object
type: object
type: array
type: object
type: object
resources:
description: Resources (Requests and Limits) for the Pods.
properties:
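--- /dev/null
+++ b/deploy/examples/keycloak/keycloak-with-experimental-settings.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: test-config
+data:
+test.properties: |
+blah=true
+---
+apiVersion: keycloak.org/v1alpha1
+kind: Keycloak
+metadata:
+name: example-keycloak
+labels:
+app: sso
+spec:
+instances: 1
+externalAccess:
+enabled: True
+keycloakDeploymentSpec:
+experimental:
+args:
+- "-Djboss.as.management.blocking.timeout=600"
+env:
+- name: PROXY_ADDRESS_FORWARDING
+value: "false"
+volumes:
+defaultMode: 0777
+items:
+- configMap:
+name: test-config
+mountPath: /test-config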
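Review bot: `defaultMode: 0777` in the example requests world-writable, executable mode bits on every projected ConfigMap file, which is far more than a properties file needs, and example manifests tend to be copied unchanged into real deployments. A read-only value such as `defaultMode: 0444` shows the feature without normalising permissive modes. Omitting the field would also work if the operator passes a nil mode through, since Kubernetes then applies 0644, but that operator code is not visible here. If an explicit mode stays, a short comment that the literal is octal would help, because the CRD field is an int32 and a JSON manifest needs the decimal form.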
1 change: 1 addition & 0 deletions go.sum
Expand Up @@ -1715,6 +1715,7 @@ k8s.io/component-base v0.18.0/go.mod h1:u3BCg0z1uskkzrnAKFzulmYaEpZF7XC9Pf/uFyb1
k8s.io/component-base v0.18.2/go.mod h1:kqLlMuhJNHQ9lz8Z7V5bxUUtjFZnrypArGl58gmDfUM=
k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
k8s.io/gengo v0.0.0-20200114144118-36b2048a9120 h1:RPscN6KhmG54S33L+lr3GS+oD1jmchIU0ll519K6FA4=
k8s.io/gengo v0.0.0-20200114144118-36b2048a9120/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
69 changes: 61 additions & 8 deletions pkg/apis/keycloak/v1alpha1/keycloak_types.go
Expand Up @@ -5,6 +5,14 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

type TLSTerminationType string

var (
DefaultTLSTermintation TLSTerminationType
ReencryptTLSTerminationType TLSTerminationType = "reencrypt"
PassthroughTLSTerminationType TLSTerminationType = "passthrough"
)

// KeycloakSpec defines the desired state of Keycloak.
// +k8s:openapi-gen=true
type KeycloakSpec struct {
Expand Down Expand Up @@ -61,10 +69,10 @@ type KeycloakSpec struct {
PodDisruptionBudget PodDisruptionBudgetConfig `json:"podDisruptionBudget,omitempty"`
// Resources (Requests and Limits) for KeycloakDeployment.
// +optional
KeycloakDeploymentSpec DeploymentSpec `json:"keycloakDeploymentSpec,omitempty"`
KeycloakDeploymentSpec KeycloakDeploymentSpec `json:"keycloakDeploymentSpec,omitempty"`
// Resources (Requests and Limits) for PostgresDeployment.
// +optional
PostgresDeploymentSpec DeploymentSpec `json:"postgresDeploymentSpec,omitempty"`
PostgresDeploymentSpec PostgresqlDeploymentSpec `json:"postgresDeploymentSpec,omitempty"`
// Specify Migration configuration
// +optional
Migration MigrateConfig `json:"migration,omitempty"`
Expand All @@ -79,13 +87,58 @@ type DeploymentSpec struct {
Resources corev1.ResourceRequirements `json:"resources,omitempty"`
}

type TLSTerminationType string
type KeycloakDeploymentSpec struct {
DeploymentSpec `json:",inline"`
// Experimental section
// NOTE: This section might change or get removed without any notice. It may also cause
// the deployment to behave in an unpredictable fashion. Please use with care.
// +optional
Experimental ExperimentalSpec `json:"experimental,omitempty"`
}

var (
DefaultTLSTermintation TLSTerminationType
ReencryptTLSTerminationType TLSTerminationType = "reencrypt"
PassthroughTLSTerminationType TLSTerminationType = "passthrough"
)
type PostgresqlDeploymentSpec struct {
DeploymentSpec `json:",inline"`
}

type ExperimentalSpec struct {
// Arguments to the entrypoint. Translates into Container CMD.
// +optional
Args []string `json:"args,omitempty"`
// Container command. Translates into Container ENTRYPOINT.
// +optional
Command []string `json:"command,omitempty"`
// List of environment variables to set in the container.
// +optional
// +patchMergeKey=name
// +patchStrategy=merge
Env []corev1.EnvVar `json:"env,omitempty" patchStrategy:"merge" patchMergeKey:"name"`
// Additional volume mounts
// +optional
Volumes VolumesSpec `json:"volumes,omitempty"`
}

type VolumesSpec struct {
Items []VolumeSpec `json:"items,omitempty"`
// Permissions mode.
// +optional
DefaultMode *int32 `json:"defaultMode,omitempty"`
}

type ConfigMapVolumeSpec struct {
// ConfigMap name
Name string `json:"name,omitempty"`
// An absolute path where to mount it
MountPath string `json:"mountPath"`
// ConfigMap mount details
// +optional
Items []corev1.KeyToPath `json:"items,omitempty" protobuf:"bytes,2,rep,name=items"`
}

type VolumeSpec struct {
// ConfigMap mount
// +optional
ConfigMap *ConfigMapVolumeSpec `json:"configMap,omitempty"`
}

type KeycloakExternal struct {
// If set to true, this Keycloak will be treated as an external instance.
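Review bot: The doc comment on `Experimental` in `KeycloakDeploymentSpec` warns about stability but not about privilege. `Command`, `Args` and `Env` in `ExperimentalSpec` let anyone who may create or edit a Keycloak CR decide what runs in the Keycloak container, and `Env` is a `corev1.EnvVar`, so `valueFrom.secretKeyRef` can bring any Secret in the namespace into that process. I would say so in the comment, e.g. `// SECURITY: these fields replace the container entrypoint and environment; grant write access to Keycloak CRs as you would grant exec on the Keycloak pod.` Separately, `VolumesSpec.DefaultMode` is an unbounded `*int32`; if the CRD generator in use honours kubebuilder markers, `// +kubebuilder:validation:Minimum=0` and `// +kubebuilder:validation:Maximum=511` would reject invalid modes at admission. `ConfigMapVolumeSpec.Name` is `omitempty` while `MountPath` is required, so a mount without a ConfigMap name passes schema validation; how the operator handles that case is not visible in this section.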