From 44c11538d95fd30c795ed9e65660eed0354508fb Mon Sep 17 00:00:00 2001 From: ablanchard Date: Fri, 12 Apr 2024 11:01:19 -0700 Subject: [PATCH 1/8] Add values file options for persistence to allow tweaking PVC settings for keycloak --- src/keycloak/chart/templates/pvc.yaml | 77 +++++++++++++++++-- src/keycloak/chart/templates/statefulset.yaml | 25 ++++-- src/keycloak/chart/values.yaml | 18 +++++ 3 files changed, 109 insertions(+), 11 deletions(-) diff --git a/src/keycloak/chart/templates/pvc.yaml b/src/keycloak/chart/templates/pvc.yaml index 928c2b518..98d612a26 100644 --- a/src/keycloak/chart/templates/pvc.yaml +++ b/src/keycloak/chart/templates/pvc.yaml 
@@ -1,4 +1,53 @@ -{{- if .Values.devMode }} +{{- if .Values.persistence.providers.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "keycloak.fullname" . }}-providers + namespace: {{ .Release.Namespace }} + labels: + {{- include "keycloak.labels" . | nindent 4 }} +spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.providers.size | quote }} + {{ if .Values.persistence.storageClassName }} + {{- if (eq "-" .Values.persistence.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistence.storageClassName }}" + {{- end }} + {{- end }} +--- +{{- end }} + +{{- if .Values.persistence.conf.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "keycloak.fullname" . }}-conf + namespace: {{ .Release.Namespace }} + labels: + {{- include "keycloak.labels" . | nindent 4 }} +spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.conf.size | quote }} + {{ if .Values.persistence.storageClassName }} + {{- if (eq "-" .Values.persistence.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistence.storageClassName }}" + {{- end }} + {{- end }} +--- +{{- end }} + +{{- if or .Values.persistence.data.enabled .Values.devMode }} +# devMode enables this PVC by default to preserve legacy behavior kind: PersistentVolumeClaim apiVersion: v1 metadata: 
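Review bot: The `storageClassName` line in the `providers` claim wraps the value in literal quotes, `storageClassName: "{{ .Values.persistence.storageClassName }}"`, while `accessModes` and `storage` just above it go through `| quote`. A value containing a double quote or a backslash would render as broken or differently parsed YAML; `storageClassName: {{ .Values.persistence.storageClassName | quote }}` escapes it and matches the neighbouring fields. The same line is repeated in the `conf` claim in this hunk and in the `data` and `themes` claims in the two hunks that follow. The `data` claim that opens at the end of this hunk continues outside it.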
@@ -8,11 +57,22 @@ metadata: {{- include "keycloak.labels" . | nindent 4 }} spec: accessModes: - - ReadWriteOnce + - {{ .Values.persistence.accessMode | quote }} resources: requests: - storage: 512Mi + storage: {{ .Values.persistence.data.size | quote }} + {{ if .Values.persistence.storageClassName }} + {{- if (eq "-" .Values.persistence.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistence.storageClassName }}" + {{- end }} + {{- end }} --- +{{- end }} + +{{- if or .Values.persistence.themes.enabled .Values.devMode }} +# devMode enables this PVC by default to preserve legacy behavior kind: PersistentVolumeClaim apiVersion: v1 metadata: @@ -22,8 +82,15 @@ metadata: {{- include "keycloak.labels" . | nindent 4 }} spec: accessModes: - - ReadWriteOnce + - {{ .Values.persistence.accessMode | quote }} resources: requests: - storage: 512Mi + storage: {{ .Values.persistence.themes.size | quote }} + {{ if .Values.persistence.storageClassName }} + {{- if (eq "-" .Values.persistence.storageClassName) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistence.storageClassName }}" + {{- end }} + {{- end }} {{- end }} diff --git a/src/keycloak/chart/templates/statefulset.yaml b/src/keycloak/chart/templates/statefulset.yaml index 374a56be5..c5560da58 100644 --- a/src/keycloak/chart/templates/statefulset.yaml +++ b/src/keycloak/chart/templates/statefulset.yaml 
@@ -239,19 +239,32 @@ spec: terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} volumes: - name: providers + {{- if .Values.persistence.providers.enabled }} + persistentVolumeClaim: + claimName: {{ include "keycloak.fullname" . }}-providers + {{- else }} emptyDir: {} + {{- end }} - name: conf + {{- if .Values.persistence.conf.enabled }} + persistentVolumeClaim: + claimName: {{ include "keycloak.fullname" . }}-conf + {{- else }} emptyDir: {} - {{- if .Values.devMode }} + {{- end }} - name: data + {{- if or .Values.persistence.data.enabled .Values.devMode }} + # devMode enables this PVC by default to preserve legacy behavior persistentVolumeClaim: claimName: {{ include "keycloak.fullname" . }}-data + {{- else }} + emptyDir: {} + {{- end }} - name: themes + {{- if or .Values.persistence.themes.enabled .Values.devMode }} + # devMode enables this PVC by default to preserve legacy behavior persistentVolumeClaim: claimName: {{ include "keycloak.fullname" . }}-themes - {{- else }} - - name: data - emptyDir: {} - - name: themes + {{- else }} emptyDir: {} - {{- end }} + {{- end }} diff --git a/src/keycloak/chart/values.yaml b/src/keycloak/chart/values.yaml index c6110a0db..8c1271c4c 100644 --- a/src/keycloak/chart/values.yaml +++ b/src/keycloak/chart/values.yaml @@ -91,6 +91,24 @@ resources: cpu: "1" memory: "1Gi" +# Persistence settings for PVC management (when enabled=false, an emptyDir will be used) +# `devMode` overrides the enabled flag for `data` and `themes` to preserve legacy behavior +persistence: + accessMode: ReadWriteOnce + storageClassName: "" + providers: + enabled: false + size: "512Mi" + conf: + enabled: false + size: "512Mi" + data: + enabled: false + size: "512Mi" + themes: + enabled: false + size: "512Mi" + # Pod disruption budget podDisruptionBudget: {} From 53994c632eb12bab2fa44ba297df4f2d41fa8060 Mon Sep 17 00:00:00 2001 
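Review bot: All replicas share one claim per volume, because `providers`, `conf`, `data` and `themes` are bound by a fixed `claimName` in the pod's `volumes` list rather than per pod. With the default `accessMode: ReadWriteOnce` from values.yaml, a replica scheduled onto a second node cannot attach the volume and will not start, which matters outside `devMode`, where the chart presumably runs more than one Keycloak pod. A guard in the template would surface this at render time instead of at scheduling time. At minimum, add a comment next to the flags such as `# with more than one replica, enabling persistence needs an accessMode that allows multi-node attach (ReadWriteMany)`. The pod spec this `volumes` list belongs to begins outside the hunk.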
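Review bot: The `providers` and `conf` entries under `persistence` lack a comment on what enabling them changes. Until now both volumes were `emptyDir`, so they started empty on every pod start. Backed by a PVC, whatever was written there earlier (presumably provider JARs and configuration that Keycloak loads at startup) is kept across restarts and image upgrades, including stale or modified files. I would add above `providers:` something like `# providers/conf: contents survive restarts and upgrades once enabled; restrict who can mount or write these claims`.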
From: ablanchard Date: Fri, 12 Apr 2024 11:05:44 -0700 Subject: [PATCH 2/8] added a note in the readme regarding PVCs and devMode --- src/keycloak/chart/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/keycloak/chart/README.md b/src/keycloak/chart/README.md index 265724189..c870b5079 100644 --- a/src/keycloak/chart/README.md +++ b/src/keycloak/chart/README.md @@ -10,7 +10,7 @@ For more information on Keycloak and its capabilities, see its [documentation](h ### Dev Mode -When `devMode: true` is set, the chart will deploy a single Keycloak Pod with an in-memory database and scaling turned off. +When `devMode: true` is set, the chart will deploy a single Keycloak Pod with an in-memory database and scaling turned off. Devmode also levarages PVCs by default for `data` and `themes`. ### Autoscaling From 905daa1e0ee8fd9c9ca7a59098aa2afe77e4c765 Mon Sep 17 00:00:00 2001 From: ablanchard Date: Wed, 17 Apr 2024 08:10:07 -0400 Subject: [PATCH 3/8] missing whitespace trim - --- src/keycloak/chart/templates/pvc.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/keycloak/chart/templates/pvc.yaml b/src/keycloak/chart/templates/pvc.yaml index 98d612a26..c6548221d 100644 --- a/src/keycloak/chart/templates/pvc.yaml +++ b/src/keycloak/chart/templates/pvc.yaml @@ -86,7 +86,7 @@ spec: resources: requests: storage: {{ .Values.persistence.themes.size | quote }} - {{ if .Values.persistence.storageClassName }} + {{- if .Values.persistence.storageClassName }} {{- if (eq "-" .Values.persistence.storageClassName) }} storageClassName: "" {{- else }} From 8174eaf284fc75ca7ee81f801167717494f36ab5 Mon Sep 17 00:00:00 2001 From: Opnauticus Date: Wed, 17 Apr 2024 08:11:15 -0400 Subject: [PATCH 4/8] Update src/keycloak/chart/README.md Co-authored-by: Micah Nagel --- src/keycloak/chart/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/keycloak/chart/README.md b/src/keycloak/chart/README.md index c870b5079..c191822f6 100644 --- a/src/keycloak/chart/README.md +++ b/src/keycloak/chart/README.md @@ -10,7 +10,7 @@ For more information on Keycloak and its capabilities, see its [documentation](h ### Dev Mode -When `devMode: true` is set, the chart will deploy a single Keycloak Pod with an in-memory database and scaling turned off. Devmode also levarages PVCs by default for `data` and `themes`. +When `devMode: true` is set, the chart will deploy a single Keycloak Pod with an in-memory database and scaling turned off. Devmode also leverages PVCs by default for `data` and `themes`. ### Autoscaling From 72baabb367d7765149b3051c7b3075e5ff9ec80b Mon Sep 17 00:00:00 2001 From: Opnauticus Date: Wed, 17 Apr 2024 08:22:38 -0400 Subject: [PATCH 5/8] Update src/keycloak/chart/values.yaml Co-authored-by: Micah Nagel --- src/keycloak/chart/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/keycloak/chart/values.yaml b/src/keycloak/chart/values.yaml index 8c1271c4c..f35ef1cce 100644 --- a/src/keycloak/chart/values.yaml +++ b/src/keycloak/chart/values.yaml @@ -92,7 +92,7 @@ resources: memory: "1Gi" # Persistence settings for PVC management (when enabled=false, an emptyDir will be used) -# `devMode` overrides the enabled flag for `data` and `themes` to preserve legacy behavior +# `devMode` overrides the enabled flag for `data` and `themes` to allow hot-reloads of the theme/plugin in k3d persistence: accessMode: ReadWriteOnce storageClassName: "" From 8f3e32cfa092fe9634f842ec4c2011a8d4f6ecad Mon Sep 17 00:00:00 2001 From: ablanchard Date: Wed, 17 Apr 2024 08:57:46 -0400 Subject: [PATCH 6/8] simplifying sc name template --- src/keycloak/chart/templates/pvc.yaml | 22 +++------------------- 1 file changed, 3 insertions(+), 19 deletions(-) diff --git a/src/keycloak/chart/templates/pvc.yaml b/src/keycloak/chart/templates/pvc.yaml index c6548221d..fea8dd0b9 100644 
--- a/src/keycloak/chart/templates/pvc.yaml +++ b/src/keycloak/chart/templates/pvc.yaml @@ -12,13 +12,9 @@ spec: resources: requests: storage: {{ .Values.persistence.providers.size | quote }} - {{ if .Values.persistence.storageClassName }} - {{- if (eq "-" .Values.persistence.storageClassName) }} - storageClassName: "" - {{- else }} + {{- if .Values.persistence.storageClassName }} storageClassName: "{{ .Values.persistence.storageClassName }}" {{- end }} - {{- end }} --- {{- end }} @@ -36,13 +32,9 @@ spec: resources: requests: storage: {{ .Values.persistence.conf.size | quote }} - {{ if .Values.persistence.storageClassName }} - {{- if (eq "-" .Values.persistence.storageClassName) }} - storageClassName: "" - {{- else }} + {{- if .Values.persistence.storageClassName }} storageClassName: "{{ .Values.persistence.storageClassName }}" {{- end }} - {{- end }} --- {{- end }} @@ -61,13 +53,9 @@ spec: resources: requests: storage: {{ .Values.persistence.data.size | quote }} - {{ if .Values.persistence.storageClassName }} - {{- if (eq "-" .Values.persistence.storageClassName) }} - storageClassName: "" - {{- else }} + {{- if .Values.persistence.storageClassName }} storageClassName: "{{ .Values.persistence.storageClassName }}" {{- end }} - {{- end }} --- {{- end }} @@ -87,10 +75,6 @@ spec: requests: storage: {{ .Values.persistence.themes.size | quote }} {{- if .Values.persistence.storageClassName }} - {{- if (eq "-" .Values.persistence.storageClassName) }} - storageClassName: "" - {{- else }} storageClassName: "{{ .Values.persistence.storageClassName }}" {{- end }} - {{- end }} {{- end }} From b0bfcfbe45d7ec10841f5aafc427bce6c3952dc6 Mon Sep 17 00:00:00 2001 From: ablanchard Date: Wed, 17 Apr 2024 09:08:42 -0400 Subject: [PATCH 7/8] persistence values note --- src/keycloak/chart/values.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/keycloak/chart/values.yaml b/src/keycloak/chart/values.yaml index f35ef1cce..ef3c42694 100644 --- a/src/keycloak/chart/values.yaml 
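Review bot: With the `"-"` branch removed, no value renders `storageClassName: ""`, since an empty string fails the surrounding `if` and the field is omitted. Omitting the field lets the cluster's default StorageClass provision the volume, whereas an explicit empty string is how a claim opts out of dynamic provisioning and binds only to pre-created volumes. Clusters that rely on that can no longer express it through this chart. If the removal is intended, say so beside the value in values.yaml, e.g. `storageClassName: ""  # empty = field omitted, cluster default StorageClass is used`. This applies to all four hunks of this patch.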
+++ b/src/keycloak/chart/values.yaml @@ -93,6 +93,11 @@ resources: # Persistence settings for PVC management (when enabled=false, an emptyDir will be used) # `devMode` overrides the enabled flag for `data` and `themes` to allow hot-reloads of the theme/plugin in k3d +# +# NOTE: +# Default persistence settings should be sufficient for *nearly all use cases*, especially when used in conjunction with +# the [uds-identity-config](https://github.com/defenseunicorns/uds-identity-config) image which is included by default. +# Unique situations may require changes, but care should be taken to account for an appropriate accessMode for your environment. persistence: accessMode: ReadWriteOnce storageClassName: "" From ed9850c17853082e57bdbaf16d2e3c6b3a8ae035 Mon Sep 17 00:00:00 2001 From: ablanchard Date: Wed, 17 Apr 2024 09:12:50 -0400 Subject: [PATCH 8/8] whitespace linting --- src/keycloak/chart/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/keycloak/chart/values.yaml b/src/keycloak/chart/values.yaml index ef3c42694..b64f42d8f 100644 --- a/src/keycloak/chart/values.yaml +++ b/src/keycloak/chart/values.yaml @@ -96,8 +96,8 @@ resources: # # NOTE: # Default persistence settings should be sufficient for *nearly all use cases*, especially when used in conjunction with -# the [uds-identity-config](https://github.com/defenseunicorns/uds-identity-config) image which is included by default. -# Unique situations may require changes, but care should be taken to account for an appropriate accessMode for your environment. +# the [uds-identity-config](https://github.com/defenseunicorns/uds-identity-config) image which is included by default. +# Unique situations may require changes, but care should be taken to account for an appropriate accessMode for your environment. persistence: accessMode: ReadWriteOnce storageClassName: ""