diff --git a/src/keycloak/chart/README.md b/src/keycloak/chart/README.md
index 265724189..c191822f6 100644
--- a/src/keycloak/chart/README.md
+++ b/src/keycloak/chart/README.md
@@ -10,7 +10,7 @@ For more information on Keycloak and its capabilities, see its [documentation](h
 ### Dev Mode
-When `devMode: true` is set, the chart will deploy a single Keycloak Pod with an in-memory database and scaling turned off.
+When `devMode: true` is set, the chart will deploy a single Keycloak Pod with an in-memory database and scaling turned off. Devmode also leverages PVCs by default for `data` and `themes`.
 ### Autoscaling
diff --git a/src/keycloak/chart/templates/pvc.yaml b/src/keycloak/chart/templates/pvc.yaml
index 928c2b518..fea8dd0b9 100644
--- a/src/keycloak/chart/templates/pvc.yaml
+++ b/src/keycloak/chart/templates/pvc.yaml
@@ -1,4 +1,45 @@
-{{- if .Values.devMode }}
+{{- if .Values.persistence.providers.enabled }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "keycloak.fullname" . }}-providers
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "keycloak.labels" . | nindent 4 }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.providers.size | quote }}
+ {{- if .Values.persistence.storageClassName }}
+ storageClassName: "{{ .Values.persistence.storageClassName }}"
+ {{- end }}
+---
+{{- end }}
+
+{{- if .Values.persistence.conf.enabled }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "keycloak.fullname" . }}-conf
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "keycloak.labels" . | nindent 4 }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.conf.size | quote }}
+ {{- if .Values.persistence.storageClassName }}
+ storageClassName: "{{ .Values.persistence.storageClassName }}"
+ {{- end }}
+---
+{{- end }}
+
+{{- if or .Values.persistence.data.enabled .Values.devMode }}
+# devMode enables this PVC by default to preserve legacy behavior
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
@@ -8,11 +49,18 @@ metadata:
 {{- include "keycloak.labels" . | nindent 4 }}
 spec:
 accessModes:
- - ReadWriteOnce
+ - {{ .Values.persistence.accessMode | quote }}
 resources:
 requests:
- storage: 512Mi
+ storage: {{ .Values.persistence.data.size | quote }}
+ {{- if .Values.persistence.storageClassName }}
+ storageClassName: "{{ .Values.persistence.storageClassName }}"
+ {{- end }}
 ---
+{{- end }}
+
+{{- if or .Values.persistence.themes.enabled .Values.devMode }}
+# devMode enables this PVC by default to preserve legacy behavior
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
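Review bot: `storageClassName: "{{ .Values.persistence.storageClassName }}"` in the new `-providers` and `-conf` claims wraps the value in literal quotes, while `accessModes` and `storage` a few lines above go through `| quote`. A value containing a double quote or a backslash would render as broken or differently parsed YAML, and the template now uses two quoting styles for the same kind of field. I would write `storageClassName: {{ .Values.persistence.storageClassName | quote }}` here and in the `data` and `themes` claims (hunks `@@ -8,11 +49,18 @@` and `@@ -22,8 +70,11 @@`).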
@@ -22,8 +70,11 @@ metadata:
 {{- include "keycloak.labels" . | nindent 4 }}
 spec:
 accessModes:
- - ReadWriteOnce
+ - {{ .Values.persistence.accessMode | quote }}
 resources:
 requests:
- storage: 512Mi
+ storage: {{ .Values.persistence.themes.size | quote }}
+ {{- if .Values.persistence.storageClassName }}
+ storageClassName: "{{ .Values.persistence.storageClassName }}"
+ {{- end }}
 {{- end }}
diff --git a/src/keycloak/chart/templates/statefulset.yaml b/src/keycloak/chart/templates/statefulset.yaml
index 374a56be5..c5560da58 100644
--- a/src/keycloak/chart/templates/statefulset.yaml
+++ b/src/keycloak/chart/templates/statefulset.yaml
@@ -239,19 +239,32 @@ spec:
 terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
 volumes:
 - name: providers
+ {{- if .Values.persistence.providers.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "keycloak.fullname" . }}-providers
+ {{- else }}
 emptyDir: {}
+ {{- end }}
 - name: conf
+ {{- if .Values.persistence.conf.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "keycloak.fullname" . }}-conf
+ {{- else }}
 emptyDir: {}
- {{- if .Values.devMode }}
+ {{- end }}
 - name: data
+ {{- if or .Values.persistence.data.enabled .Values.devMode }}
+ # devMode enables this PVC by default to preserve legacy behavior
 persistentVolumeClaim:
 claimName: {{ include "keycloak.fullname" . }}-data
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
 - name: themes
+ {{- if or .Values.persistence.themes.enabled .Values.devMode }}
+ # devMode enables this PVC by default to preserve legacy behavior
 persistentVolumeClaim:
 claimName: {{ include "keycloak.fullname" . }}-themes
- {{- else }}
- - name: data
- emptyDir: {}
- - name: themes
+ {{- else }}
 emptyDir: {}
- {{- end }}
+ {{- end }}
diff --git a/src/keycloak/chart/values.yaml b/src/keycloak/chart/values.yaml
index c6110a0db..b64f42d8f 100644
--- a/src/keycloak/chart/values.yaml
+++ b/src/keycloak/chart/values.yaml
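Review bot: Every replica mounts the same four claims in the `volumes:` list of statefulset.yaml (`-providers`, `-conf`, `-data`, `-themes`), because they are referenced as pod-level volumes and the default `persistence.accessMode` in values.yaml is `ReadWriteOnce`. Outside devMode, turning on any `persistence.*.enabled` with more than one replica presumably leaves pods on a second node unable to attach the volume, so a scale-up or a node failure reduces the identity provider's availability instead of restoring it. I would document the constraint directly above the list with a template comment such as `{{- /* one claim is shared by all replicas: ReadWriteOnce needs a single pod or node, otherwise set ReadWriteMany */}}`. The `spec:` block starts before the hunk, so the replica and scheduling settings are not visible here.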
@@ -91,6 +91,29 @@ resources:
 cpu: "1"
 memory: "1Gi"
+# Persistence settings for PVC management (when enabled=false, an emptyDir will be used)
+# `devMode` overrides the enabled flag for `data` and `themes` to allow hot-reloads of the theme/plugin in k3d
+#
+# NOTE:
+# Default persistence settings should be sufficient for *nearly all use cases*, especially when used in conjunction with
+# the [uds-identity-config](https://github.com/defenseunicorns/uds-identity-config) image which is included by default.
+# Unique situations may require changes, but care should be taken to account for an appropriate accessMode for your environment.
+persistence:
+ accessMode: ReadWriteOnce
+ storageClassName: ""
+ providers:
+ enabled: false
+ size: "512Mi"
+ conf:
+ enabled: false
+ size: "512Mi"
+ data:
+ enabled: false
+ size: "512Mi"
+ themes:
+ enabled: false
+ size: "512Mi"
+
 # Pod disruption budget
 podDisruptionBudget: {}
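Review bot: The comment block above `persistence:` explains the `emptyDir` fallback but not what changes once `providers` or `conf` is persisted: an `emptyDir` starts empty on every pod start, whereas a claim keeps whatever was written to it across restarts and image upgrades. `providers` presumably holds the extension JARs Keycloak loads at startup, so a stale or modified file there would outlive a redeploy of the uds-identity-config image. I would add a line such as `# providers/conf on a PVC keep their contents across restarts; stale or modified files are not reset by redeploying the image`, and state which component is expected to write to these volumes.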