create helm chart for keycloak-operator

Signed-off-by: AvivGuiser <avivguiser@gmail.com>
AvivGuiser 2025-08-23 14:23:17 +03:00
parent b7c876b812
commit 7404c4fa39
15 changed files with 8178 additions and 0 deletions


@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -0,0 +1,6 @@
apiVersion: v2
name: keycloak-operator
description: A Helm chart for deploying keycloak operator on Kubernetes
type: application
version: 0.1.0
appVersion: 26.3.3


@ -0,0 +1,60 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "keycloak.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "keycloak.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "keycloak.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "keycloak.labels" -}}
helm.sh/chart: {{ include "keycloak.chart" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "keycloak.selectorLabels" -}}
app.kubernetes.io/name: {{ include "keycloak.name" . }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "keycloak.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "keycloak.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
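Review bot: `keycloak.selectorLabels` emits only `app.kubernetes.io/name`, so two releases of this chart in one namespace get identical selectors, and each Deployment and Service will match the other release's pods. Add `app.kubernetes.io/instance: {{ .Release.Name }}` to the selector labels, and have `keycloak.labels` include the selector labels so every object carries them. In `keycloak.labels`, `app.kubernetes.io/version: {{ .Chart.AppVersion }}` is unquoted; an appVersion that parses as a number would render a non-string label value, so use `{{ .Chart.AppVersion | quote }}`.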


@ -0,0 +1,79 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
{{- include "keycloak.labels" . | nindent 4 }}
name: keycloakcontroller-cluster-role
rules:
- apiGroups:
- k8s.keycloak.org
resources:
- keycloaks
- keycloaks/status
- keycloaks/finalizers
verbs:
- get
- list
- watch
- patch
- update
- create
- delete
- apiGroups:
- ""
resources:
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch


@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
{{- include "keycloak.labels" . | nindent 4 }}
name: keycloak-operator-clusterrole-binding
roleRef:
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
name: keycloak-operator-clusterrole
subjects:
- kind: ServiceAccount
name: {{ include "keycloak.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
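Review bot: `roleRef.name: keycloak-operator-clusterrole` does not match any ClusterRole named in the visible templates, which define only `keycloakcontroller-cluster-role` and `keycloakrealmimportcontroller-cluster-role`. The ClusterRole over `config.openshift.io` ingresses further down has no `metadata.name` at all, so that manifest would be rejected on install; it is presumably the intended target and needs `name: keycloak-operator-clusterrole`. Two file diffs are suppressed on this page, so confirm the role is not defined there. RBAC accepts a binding to a missing role and silently grants nothing, so the mismatch would only show up as operator permission errors at runtime. The cluster-scoped names here are also fixed strings, so a second release in another namespace would collide; consider deriving them from `keycloak.fullname`.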


@ -0,0 +1,66 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
{{- include "keycloak.labels" . | nindent 4 }}
name: {{ include "keycloak.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
replicas: 1
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
selector:
matchLabels:
{{ include "keycloak.selectorLabels" . }}
template:
metadata:
labels:
{{ include "keycloak.selectorLabels" . }}
spec:
containers:
- name: keycloak-operator
env:
- name: KUBERNETES_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: RELATED_IMAGE_KEYCLOAK
value: "{{ .Values.image.registry }}/{{ .Values.keycloakImage.repository }}:{{ .Values.keycloakImage.tag | default .Chart.AppVersion }}"
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- with .Values.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.startupProbe }}
startupProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- containerPort: 8080
name: http
protocol: TCP
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
serviceAccountName: {{ include "keycloak.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
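Review bot: The container spec never renders `.Values.securityContext`, so the container-level hardening that values.yaml suggests (dropping all capabilities, `readOnlyRootFilesystem`, `runAsNonRoot`) has no effect when a user sets it; only `podSecurityContext` is applied at pod level. Add a `with .Values.securityContext` block under the container, mirroring the `resources` block and rendered with `toYaml . | nindent 12`. `.Values.imagePullSecrets` is likewise declared but never rendered into the pod spec, so pulls from a private registry cannot be configured. `replicas: 1` is hard-coded while values.yaml exposes `replicaCount`; either wire it up or drop the value so the chart does not advertise a setting it ignores.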

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff


@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
{{- include "keycloak.labels" . | nindent 4 }}
rules:
- apiGroups:
- config.openshift.io
resources:
- ingresses
verbs:
- get


@ -0,0 +1,44 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
{{- include "keycloak.labels" . | nindent 4 }}
name: keycloakrealmimportcontroller-cluster-role
rules:
- apiGroups:
- k8s.keycloak.org
resources:
- keycloakrealmimports
- keycloakrealmimports/status
- keycloakrealmimports/finalizers
verbs:
- get
- list
- watch
- patch
- update
- create
- delete
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch


@ -0,0 +1,71 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
{{- include "keycloak.labels" . | nindent 4 }}
name: keycloak-operator-role
namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
- services
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- apiGroups:
- batch
resources:
- jobs
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- create
- delete
- patch
- update


@ -0,0 +1,60 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
{{- include "keycloak.labels" . | nindent 4 }}
name: keycloak-operator-role-binding
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
apiGroup: rbac.authorization.k8s.io
name: keycloak-operator-role
subjects:
- kind: ServiceAccount
name: {{ include "keycloak.serviceAccountName" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
{{- include "keycloak.labels" . | nindent 4 }}
name: keycloakrealmimportcontroller-role-binding
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
name: keycloakrealmimportcontroller-cluster-role
subjects:
- kind: ServiceAccount
name: {{ include "keycloak.serviceAccountName" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
{{- include "keycloak.labels" . | nindent 4 }}
name: keycloakcontroller-role-binding
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
name: keycloakcontroller-cluster-role
subjects:
- kind: ServiceAccount
name: {{ include "keycloak.serviceAccountName" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
{{- include "keycloak.labels" . | nindent 4 }}
name: keycloak-operator-view
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
name: view
subjects:
- kind: ServiceAccount
name: {{ include "keycloak.serviceAccountName" . }}


@ -0,0 +1,18 @@
{{- if .Values.service.enabled }}
apiVersion: v1
kind: Service
metadata:
labels:
{{- include "keycloak.labels" . | nindent 4 }}
name: {{ include "keycloak.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
{{ include "keycloak.selectorLabels" . | indent 4 }}
type: ClusterIP
{{- end }}


@ -0,0 +1,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
{{- include "keycloak.labels" . | nindent 4 }}
name: {{ include "keycloak.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
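Review bot: This ServiceAccount is rendered unconditionally, so `serviceAccount.create: false` does not stop the chart from creating one. With `create: false` and no `name`, the `keycloak.serviceAccountName` helper returns `default`, so the chart would try to create or adopt the namespace's `default` ServiceAccount. The RoleBindings and the ClusterRoleBinding in this commit would then grant the operator's permissions, including create/delete/get/list on secrets, to every pod in the namespace that does not set its own service account. Wrap the manifest in `{{- if .Values.serviceAccount.create }}` … `{{- end }}`, and consider failing the render when `create` is false and `name` is empty. `serviceAccount.annotations` from values.yaml is also never applied here.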


@ -0,0 +1,104 @@
# Default values for keycloak.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
replicaCount: 1
crd:
enabled: true
# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
image:
registry: quay.io
repository: keycloak/keycloak-operator
# This sets the pull policy for images.
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
keycloakImage:
registry: quay.io
repository: keycloak
tag: ""
# This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# This is to override the chart name.
nameOverride: ""
fullnameOverride: ""
# this sets revisionHistoryLimit for operator deployment
revisionHistoryLimit: 10
# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
service:
enabled: true
# This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: ClusterIP
# This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
port: 80
resources:
limits:
memory: 512Mi
requests:
cpu: 300m
memory: 512Mi
# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
livenessProbe:
httpGet:
path: /q/health/live
port: http
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
readinessProbe:
httpGet:
path: /q/health/ready
port: http
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
startupProbe:
httpGet:
path: /q/health/started
port: http
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
nodeSelector: {}
tolerations: []
affinity: {}
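Review bot: `keycloakImage.registry` is never read, because the deployment template builds `RELATED_IMAGE_KEYCLOAK` from `.Values.image.registry`. Overriding the Keycloak registry, for example to point at an internal mirror, therefore has no effect and the operand image is still pulled from the operator's registry. The default `keycloakImage.repository: keycloak` renders as `quay.io/keycloak:<tag>`, which looks like it is missing the image name; presumably `keycloak/keycloak` was intended, so please confirm. `securityContext: {}` ships empty with the hardened settings only as comments; enabling `runAsNonRoot: true` and dropping all capabilities by default would give a safer baseline once the deployment template consumes the value.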