feat: create svc account and rbac (#42)
NithinKuruba authored Jan 30, 2024
1 parent 96a36b6 commit 62ec91e
Showing 6 changed files with 55 additions and 2 deletions.
2 changes: 1 addition & 1 deletion charts/keycloak/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v1
name: sso-keycloak
version: 1.15.1
version: 1.15.2
appVersion: 7.6.39-build.1
description: Open Source Identity and Access Management For Modern Applications and Services
dependencies:
11 changes: 11 additions & 0 deletions charts/keycloak/templates/_helpers.tpl
@@ -82,3 +82,14 @@ Maintenance Selector labels
app.kubernetes.io/name: {{ include "sso-keycloak.name" . }}-maintenance
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

{{/*
Create the name of the service account to use
*/}}
{{- define "sso-keycloak.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "sso-keycloak.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
2 changes: 1 addition & 1 deletion charts/keycloak/templates/deployment.yaml
@@ -50,7 +50,7 @@ spec:
echo "Waiting for StatefulSet {{ .Values.patroni.nameOverride }} rollout to complete..."
sleep 5
done
serviceAccountName: {{ include "sso-keycloak.serviceAccountName" . }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
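Review bot: Setting `serviceAccountName` on the pod spec mounts that account's token into every container of the pod, so the Keycloak container also receives the StatefulSet read permissions granted in rbac.yaml, although the visible lines suggest only the rollout wait loop above needs them. If the main container makes no Kubernetes API calls, that deserves a comment above the line, e.g. `# token is only needed by the StatefulSet rollout wait`, so a later reviewer can decide whether to keep the token out of the Keycloak container. The value is also unquoted, so a user-supplied `serviceAccount.name` that looks like a number or boolean would not render as a string; `serviceAccountName: {{ include "sso-keycloak.serviceAccountName" . | quote }}` avoids that. The pod spec starts and ends outside this hunk, and the removed line is not visible on this page.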
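--- a/charts/keycloak/templates/rbac.yaml
+++ b/charts/keycloak/templates/rbac.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: {{ include "sso-keycloak.fullname" . }}
+labels: {{ include "sso-keycloak.labels" . | nindent 4 }}
+rules:
+- apiGroups: ["apps"]
+resources: ["statefulsets"]
+verbs:
+- get
+- list
+- watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: {{ include "sso-keycloak.fullname" . }}
+labels: {{ include "sso-keycloak.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+name: {{ include "sso-keycloak.fullname" . }}
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: {{ include "sso-keycloak.fullname" . }}
+---
+{{- end }}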
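Review bot: The RoleBinding subject `name: {{ include "sso-keycloak.fullname" . }}` is hard-coded to the chart fullname, while the pod in deployment.yaml runs as whatever `sso-keycloak.serviceAccountName` returns. When `serviceAccount.name` is set, or `serviceAccount.create` is false while `rbac.create` stays true, the Role is bound to an account the pod does not use, and a binding to a name that does not exist yet hands these permissions to any ServiceAccount later created under that name in the namespace. The subject should read `name: {{ include "sso-keycloak.serviceAccountName" . }}` with an explicit `namespace: {{ .Release.Namespace }}`, and `metadata.name` in serviceaccount.yaml needs the same helper so the created account matches the one the pod references. The trailing `---` before `{{- end }}` also emits an empty document and can be dropped.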
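--- a/charts/keycloak/templates/serviceaccount.yaml
+++ b/charts/keycloak/templates/serviceaccount.yaml
@@ -0,0 +1,7 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: {{ include "sso-keycloak.fullname" . }}
+labels: {{ include "sso-keycloak.labels" . | nindent 4 }}
+{{- end }}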
7 changes: 7 additions & 0 deletions charts/keycloak/values.yaml
@@ -122,6 +122,13 @@ podDisruptionBudget:
minAvailable:
maxUnavailable:

serviceAccount:
create: true

rbac:
# Specifies whether RBAC resources should be created
create: true

patroni:
replicaCount: 3
# RH-SSO v7.5-9 is not tested with PostgreSQL 14
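Review bot: The new `serviceAccount` block declares no `name` key and carries no comments, although the helper added in _helpers.tpl reads `.Values.serviceAccount.name` and falls back to `default` when `create` is false. Declaring `name: ""` with a comment such as `# Name of the service account to use; when empty and create is true, the chart fullname is used`, plus `# Specifies whether a service account should be created` above `create`, would make the option discoverable. The comment on `rbac.create` should also say that the Role is only useful when it is bound to the account the pod actually runs as, since the two toggles can be set independently.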