keycloak data volume

vertigobr · Oct 22, 2020 · 1756b48 · 1756b48
1 parent 0b2939c
commit 1756b48
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 11 deletions.
diff --git a/charts/vkpr/templates/keycloak-data-volume.yaml b/charts/vkpr/templates/keycloak-data-volume.yaml
@@ -1,4 +1,5 @@
 {{- if .Values.keycloak.enabled -}}
+{{- if eq .Values.keycloak.postgresql.enabled false -}}
 # apenas para h2
 apiVersion: v1
 kind: PersistentVolumeClaim
@@ -11,3 +12,4 @@ spec:
     requests:
       storage: 1Gi
 {{- end -}}
+{{- end -}}
diff --git a/charts/vkpr/values.yaml b/charts/vkpr/values.yaml
@@ -31,9 +31,14 @@ graylog:
 
 keycloak:
   enabled: false
-  keycloak:
-    persistence:
-      dbVendor: h2
+  # postgresql - enables subchart
+  # keep disabled to use external database (like RDS) - this is the recommended option
+  # https://artifacthub.io/packages/helm/codecentric/keycloak
+  # Keycloak will fallback to H2 local file-based DB if no `DB_VENDOR` is informed
+  # H2 located at "/opt/jboss/keycloak/standalone/data"
+  # Mounting it into a PVC can be done, but it should only be ok for single instance.
+  postgresql:
+    enabled: false
 
 vault:
   enabled: false

diff --git a/examples/keycloak/realm.json b/examples/keycloak/realm.json
@@ -1,5 +1,5 @@
 {
-    "realm": "example",
+    "realm": "vkpr",
     "enabled": true,
     "sslRequired": "external",
     "registrationAllowed": true,

diff --git a/examples/local/values-local-keycloak.yaml b/examples/local/values-local-keycloak.yaml
@@ -1,10 +1,27 @@
+#
+# Valores para testes locais com o k3d.
+# 
+# O que executa:
+# - Ingress controller (ingress-nginx)
+# - Aplicação "whoami"
+# - Keycloak
+#
+# kubectl create secret generic vkpr-realm-secret --from-file=examples/keycloak/realms/realm.json
+# helm upgrade -i vkpr --skip-crds -f examples/local/values-local-keycloak.yaml ./charts/vkpr
+#
+# Coloque as seguintes entradas no /etc/hosts :
+# 127.0.0.1    keycloak.localdomain
+#
+# Abrir a seguinte URL no browser:
+#
+# 
+#
 
 #
 # INGRESS STACK
 #
 ingress-nginx:
   enabled: true
-    #     http: 32080
 
 external-dns:
   enabled: false
@@ -43,10 +60,8 @@ keycloak:
   enabled: true
   rbac:
     create: true
-  username: keycloak
-  password: vert1234
   postgresql:
-    enabled: true	
+    enabled: false
   ingress:
     enabled: true
     tls: []
@@ -55,14 +70,22 @@ keycloak:
     rules:
       - host: "keycloak.localdomain"
         paths: ["/"]
+  # mounts realm.json as secret
+  # mounts volume as H2 database (when no postgres is used)
   extraVolumes: |
-    - name: realm-secret
+    - name: vkpr-realm-secret
       secret:
-        secretName: realm-secret
+        secretName: vkpr-realm-secret
+    - name: keycloak-data
+      persistentVolumeClaim:
+        claimName: keycloak-data-volume
   extraVolumeMounts: |
-    - name: realm-secret
+    - name: vkpr-realm-secret
       mountPath: "/realm/"
       readOnly: true
+    - name: keycloak-data
+      mountPath: "/opt/jboss/keycloak/standalone/data"
+      readOnly: false
   extraEnv: |
     - name: KEYCLOAK_IMPORT
       value: /realm/realm.json