panzouh · panzouh · Oct 7, 2022 · Oct 7, 2022 · Oct 7, 2022 · Oct 7, 2022
diff --git a/charts/custom-catalogs/templates/subscriptions.yml b/charts/custom-catalogs/templates/subscriptions.yml
@@ -16,7 +16,7 @@ metadata:
   {{- if .sameNamespace }}
 spec:
   targetNamespaces:
-  - {{ .installNamespace }}
+    - {{ .installNamespace }}
   {{- else }}
 spec: {}
   {{- end }}
@@ -47,7 +47,7 @@ metadata:
   name: {{ .name }}
   namespace: {{ default "olm" .installNamespace }}
 spec:
-  channel: {{ default "stable" .operatorChannel }}
+  channel: {{ default "stable" .channel }}
   name: {{ .name }}
   source: {{ .source }}
   sourceNamespace: {{ .sourceNamespace }}

diff --git a/charts/keycloak/.helmignore b/charts/keycloak/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/keycloak/Chart.yaml b/charts/keycloak/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+description: |
+  A chart to manage various keycloak ressources
+name: keycloak
+version: 0.0.0-dev
diff --git a/charts/keycloak/README.md b/charts/keycloak/README.md
@@ -0,0 +1,30 @@
+# keycloak
+
+A chart to manage various keycloak ressources
+
+![Version: 0.0.0-dev](https://img.shields.io/badge/Version-0.0.0--dev-informational?style=flat-square)
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| clients | list | `[]` | Watch [Value file](values.yaml) for examples. |
+| ingress.annotations | object | `{}` | Ingress annotations |
+| ingress.className | string | `""` | Ingress class name |
+| ingress.enabled | bool | `false` | Enable Keycloak ingress |
+| ingress.hosts[0] | object | `{"host":"keycloak.danstonkube.fr","paths":[{"path":"/","pathType":"Prefix"}]}` | Ingress hostname |
+| ingress.hosts[0].paths[0] | object | `{"path":"/","pathType":"Prefix"}` | Ingress path |
+| ingress.hosts[0].paths[0].pathType | string | `"Prefix"` | Ingress path type can be either : `Prefix`, `ImplementationSpecific` or `Exact`, watch [Official Documentation for more informations](https://kubernetes.io/docs/concepts/services-networking/ingress/#examples) |
+| ingress.tls | list | `[]` |  |
+| keycloakConfig.instances | int | `1` | Keycloak instance replicas |
+| keycloakConfig.labels | object | `{"mylabel":"label1"}` | Keycloak instance labels |
+| keycloakConfig.name | string | `"dtk"` | Keycloak instance name |
+| keycloakConfig.storageClassName | string | `"local"` | Keycloak instance storage class  |
+| nameOverride | string | `""` | Override chart default name |
+| realms | list | `[]` | Watch [Value file](values.yaml) for examples. |
+| service.name | string | `"keycloak-discovery"` |  |
+| service.port | int | `8080` |  |
+| users | list | `[]` | Watch [Value file](values.yaml) for examples. |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) `docker run --rm --volume "$(pwd):/helm-docs"  jnorwood/helm-docs:latest`.
diff --git a/charts/keycloak/README.md.gotmpl b/charts/keycloak/README.md.gotmpl
@@ -0,0 +1,9 @@
+{{ template "chart.header" . }}
+{{ template "chart.description" . }}
+{{ template "chart.badgesSection" . }}
+
+## Values
+
+{{ template "chart.valuesTable" . }}
+
+{{ template "helm-docs.versionFooter" . }} `docker run --rm --volume "$(pwd):/helm-docs"  jnorwood/helm-docs:latest`.
diff --git a/charts/keycloak/templates/_helpers.tpl b/charts/keycloak/templates/_helpers.tpl
@@ -0,0 +1,16 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Custom catalogs
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/keycloak/templates/clients.yml b/charts/keycloak/templates/clients.yml
@@ -0,0 +1,17 @@
+{{- range .Values.clients }}
+---
+apiVersion: keycloak.org/v1alpha1
+kind: KeycloakClient
+metadata:
+  name: {{ .name }}
+  labels: {{ .labels | toYaml | nindent 4 }}
+spec:
+  realmSelector:
+    matchLabels: {{ .matchLabels | toYaml | nindent 12 }}
+  client:
+    clientId: {{ .clientId }}
+    secret: {{ .secret }}
+    {{- range $key, $val := .additionalConfig }}
+    {{ $key }}: {{ $val }}
+    {{- end }}
+{{- end }}
diff --git a/charts/keycloak/templates/ingress.yml b/charts/keycloak/templates/ingress.yml
@@ -0,0 +1,59 @@
+{{- if .Values.ingress.enabled -}}
+{{- $svcPort := .Values.service.port -}}
+{{- $svcName := .Values.service.name -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ .Values.keycloakConfig.name }}-ingress
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+            pathType: {{ .pathType }}
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $svcName }}
+                port:
+                  number: {{ $svcPort }}
+              {{- else }}
+              serviceName: {{ $svcName }}
+              servicePort: {{ $svcPort }}
+              {{- end }}
+          {{- end }}
+    {{- end }}
+{{- end }}
diff --git a/charts/keycloak/templates/keycloak_instance.yml b/charts/keycloak/templates/keycloak_instance.yml
@@ -0,0 +1,10 @@
+apiVersion: keycloak.org/v1alpha1
+kind: Keycloak
+metadata:
+  name: {{ .Values.keycloakConfig.name }}
+  labels: {{ .Values.keycloakConfig.labels | toYaml | nindent 4 }}
+spec:
+  instances: {{ .Values.keycloakConfig.instances }}
+  externalAccess:
+    enabled: false
+  storageClassName: {{ .Values.keycloakConfig.storageClassName }}
diff --git a/charts/keycloak/templates/realms.yml b/charts/keycloak/templates/realms.yml
@@ -0,0 +1,16 @@
+{{- range .Values.realms }}
+---
+apiVersion: keycloak.org/v1alpha1
+kind: KeycloakRealm
+metadata:
+  name: {{ .name }}
+  labels: {{ .labels | toYaml | nindent 4 }}
+spec:
+  realm:
+    id: {{ .id }}
+    realm: {{ .realmName }}
+    enabled: {{ .enabled }}
+    displayName: {{ .displayName }}
+    instanceSelector:
+        matchLabels: {{ .matchLabels | toYaml | nindent 12 }}
+{{- end }}
diff --git a/charts/keycloak/templates/users.yml b/charts/keycloak/templates/users.yml
@@ -0,0 +1,26 @@
+{{- range .Values.users }}
+---
+apiVersion: keycloak.org/v1alpha1
+kind: KeycloakUser
+metadata:
+  name: {{ .name }}
+  labels: {{ .labels | toYaml | nindent 4 }}
+spec:
+  user:
+    username: {{ .username }}
+    email: {{ .email }}
+    enabled: {{ .enabled }}
+    emailVerified: {{ .emailVerified }}
+    firstName: {{ .firstName }}
+    lastName: {{ .lastName }}
+    credentials:
+      {{- if .password }}
+        - type: password
+          value: {{ .password.value }}
+          temporary: {{ .password.temporary }}
+      {{- end }}
+      {{- if .otp }}
+        - type: otp
+          value: {{ .otp.value }}
+      {{- end }}  
+{{- end }}
diff --git a/charts/keycloak/values.yaml b/charts/keycloak/values.yaml
@@ -0,0 +1,76 @@
+---
+# -- Override chart default name
+nameOverride: ""
+
+keycloakConfig:
+  # -- Keycloak instance name
+  name: dtk
+  # -- Keycloak instance labels
+  labels:
+      mylabel: label1
+  # -- Keycloak instance replicas
+  instances: 1
+  # -- Keycloak instance storage class 
+  storageClassName: local
+
+service:
+  name: keycloak-discovery
+  port: 8080
+
+ingress:
+  # -- Enable Keycloak ingress
+  enabled: false
+  # -- Ingress annotations
+  annotations: {}
+  # -- Ingress class name
+  className: ""
+  hosts:
+    # -- Ingress hostname
+    - host: keycloak.danstonkube.fr
+      paths:
+          # -- Ingress path
+        - path: /
+          # -- Ingress path type can be either : `Prefix`, `ImplementationSpecific` or `Exact`, watch [Official Documentation for more informations](https://kubernetes.io/docs/concepts/services-networking/ingress/#examples)
+          pathType: Prefix
+  tls: []
+
+# -- Watch [Value file](values.yaml) for examples.
+users: []
+# - name: passepartout
+#   labels:
+#     mylabel: label1
+#   username: passepartout
+#   email: [email protected]
+#   enabled: true
+#   emailVerified: true
+#   firstName: Passe
+#   lastName: Partout
+#   password:
+#     value: changeme
+#     temporary: true
+#   otp:
+#     value: 92192190 
+
+# -- Watch [Value file](values.yaml) for examples.
+realms: []
+# - name: passepartout
+#   labels:
+#     mylabel: label1
+#   id: dtk
+#   realmName: dtk
+#   enabled: true
+#   displayName: Dans ton kube
+#   matchLabels: 
+#     mylabeltomatch: dtk
+
+# -- Watch [Value file](values.yaml) for examples.
+clients: []
+# - name: passepartout
+#   labels:
+#     mylabel: label1
+#   clientId: dtk
+#   secret: dtk-secret
+#   additionalConfig:
+#     protocol: https
+#   matchLabels: 
+#     realm: dtk
diff --git a/cluster/README.md b/cluster/README.md
@@ -920,6 +920,61 @@ Traefik is an open-source Edge Router that makes publishing your services a fun
 
 ### Security
 
+#### Keycloak
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+
+##### Adding realms
+
+```yaml
+realms:
+  - name: passepartout
+    labels:
+      mylabel: label1
+    id: dtk
+    realmName: dtk
+    enabled: true
+    displayName: Dans ton kube
+    matchLabels:
+      mylabeltomatch: dtk
+```
+
+##### Adding clients
+
+```yaml
+clients:
+  - name: passepartout
+    labels:
+      mylabel: label1
+    clientId: dtk
+    secret: dtk-secret
+    additionalConfig:
+      protocol: https
+    matchLabels:
+      realm: dtk
+```
+
+##### Adding users
+
+```yaml
+users:
+  - name: passepartout
+    labels:
+      mylabel: label1
+    username: passepartout
+    email: [email protected]
+    enabled: true
+    emailVerified: true
+    firstName: Passe
+    lastName: Partout
+    password:
+      value: changeme
+      temporary: true
+    otp:
+      value: 92192190
+```
+
 #### User management
 
 User management is a chart hosted on this repository, you can retrieve templates [here](../charts/users/).