From 62ec91e303733a9758a502f76bce80f29cd4b5f2 Mon Sep 17 00:00:00 2001
From: Nithin Shekar Kuruba <81444731+NithinKuruba@users.noreply.github.com>
Date: Tue, 30 Jan 2024 15:29:11 -0800
Subject: [PATCH] feat: create svc account and rbac (#42)
---
 charts/keycloak/Chart.yaml | 2 +-
 charts/keycloak/templates/_helpers.tpl | 11 ++++++++
 charts/keycloak/templates/deployment.yaml | 2 +-
 charts/keycloak/templates/rbac.yaml | 28 +++++++++++++++++++
 charts/keycloak/templates/serviceaccount.yaml | 7 +++++
 charts/keycloak/values.yaml | 7 +++++
 6 files changed, 55 insertions(+), 2 deletions(-)
 create mode 100644 charts/keycloak/templates/rbac.yaml
 create mode 100644 charts/keycloak/templates/serviceaccount.yaml
diff --git a/charts/keycloak/Chart.yaml b/charts/keycloak/Chart.yaml
index 5c92c02..52a9312 100644
--- a/charts/keycloak/Chart.yaml
+++ b/charts/keycloak/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 name: sso-keycloak
-version: 1.15.1
+version: 1.15.2
 appVersion: 7.6.39-build.1
 description: Open Source Identity and Access Management For Modern Applications and Services
 dependencies:
diff --git a/charts/keycloak/templates/_helpers.tpl b/charts/keycloak/templates/_helpers.tpl
index 7e23a66..e7ce9c0 100644
--- a/charts/keycloak/templates/_helpers.tpl
+++ b/charts/keycloak/templates/_helpers.tpl
@@ -82,3 +82,14 @@ Maintenance Selector labels
 app.kubernetes.io/name: {{ include "sso-keycloak.name" . }}-maintenance
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "sso-keycloak.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "sso-keycloak.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/keycloak/templates/deployment.yaml b/charts/keycloak/templates/deployment.yaml
index 3389bc3..69494ca 100644
--- a/charts/keycloak/templates/deployment.yaml
+++ b/charts/keycloak/templates/deployment.yaml
@@ -50,7 +50,7 @@ spec:
 echo "Waiting for StatefulSet {{ .Values.patroni.nameOverride }} rollout to complete..."
 sleep 5
 done
-
+ serviceAccountName: {{ include "sso-keycloak.serviceAccountName" . }}
 containers:
 - name: {{ .Chart.Name }}
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
diff --git a/charts/keycloak/templates/rbac.yaml b/charts/keycloak/templates/rbac.yaml
new file mode 100644
index 0000000..c7c8234
--- /dev/null
+++ b/charts/keycloak/templates/rbac.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "sso-keycloak.fullname" . }}
+ labels: {{ include "sso-keycloak.labels" . | nindent 4 }}
+rules:
+- apiGroups: ["apps"]
+ resources: ["statefulsets"]
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "sso-keycloak.fullname" . }}
+ labels: {{ include "sso-keycloak.labels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "sso-keycloak.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "sso-keycloak.fullname" . }}
+---
+{{- end }}
diff --git a/charts/keycloak/templates/serviceaccount.yaml b/charts/keycloak/templates/serviceaccount.yaml
new file mode 100644
index 0000000..6a0cb0d
--- /dev/null
+++ b/charts/keycloak/templates/serviceaccount.yaml
@@ -0,0 +1,7 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "sso-keycloak.fullname" . }}
+ labels: {{ include "sso-keycloak.labels" . | nindent 4 }}
+{{- end }}
diff --git a/charts/keycloak/values.yaml b/charts/keycloak/values.yaml
index cbdccd2..62ab1ae 100644
--- a/charts/keycloak/values.yaml
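Review bot: The added `serviceAccountName` in deployment.yaml sits at pod level, so the account's API token is mounted into the Keycloak container as well as the container that runs the StatefulSet wait loop, and nothing in the template says why the pod needs an API identity. From the visible lines only the rollout wait appears to call the API; that is an inference, since the pod spec starts and ends outside this hunk. I would add a comment above the line, for example `# API identity is used by the rollout wait only; the bound Role is read-only on apps/statefulsets`, so a later reader does not widen the Role without noticing that the main container inherits it. Quoting the value, `serviceAccountName: {{ include "sso-keycloak.serviceAccountName" . | quote }}`, would also keep a user-supplied name from being retyped by the YAML parser.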
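Review bot: The RoleBinding subject in rbac.yaml is hard-coded to `{{ include "sso-keycloak.fullname" . }}`, while the Deployment runs under `sso-keycloak.serviceAccountName`; the same mismatch is in `metadata.name` of serviceaccount.yaml. As soon as `serviceAccount.name` is set, or `serviceAccount.create` is false, the pod's account and the bound account differ, so the Role is granted to an account the pod does not use (or one that does not exist) and the pod itself has no access to the StatefulSet. Use the helper in both places: `name: {{ include "sso-keycloak.serviceAccountName" . }}`. With `rbac.create` true and `serviceAccount.create` false and no name given, that would bind the Role to the namespace's `default` account, which every pod without an explicit account shares, so the chart should either document that or require a name in that case.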
@@ -122,6 +122,13 @@ podDisruptionBudget:
 minAvailable:
 maxUnavailable:
+serviceAccount:
+ create: true
+
+rbac:
+ # Specifies whether RBAC resources should be created
+ create: true
+
 patroni:
 replicaCount: 3
 # RH-SSO v7.5-9 is not tested with PostgreSQL 14
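Review bot: The `serviceAccount` block is added without a comment and without the `name` key that the `sso-keycloak.serviceAccountName` helper reads, so the override cannot be discovered from values.yaml. Add `# Specifies whether a service account should be created` above `create: true`, and a `name: ""` entry below it with a comment saying that an empty value falls back to the chart fullname when `create` is true and to `default` otherwise. Both `serviceAccount.create` and `rbac.create` default to true, so upgrading an existing release will start creating a ServiceAccount, Role and RoleBinding; the comment on `rbac.create` should mention that the installing identity needs permission to create them.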