

Azure Postgres Flexible server support (#1040)
* Update keycloak to mount in cert from KeyVault

* Test chart install - minikube without azure values
sambles committed May 23, 2024
1 parent 5070783 commit ff125dc
Showing 1 changed file with 26 additions and 2 deletions.
28 changes: 26 additions & 2 deletions kubernetes/charts/oasis-platform/templates/keycloak.yaml
@@ -98,6 +98,12 @@ spec:
ports:
- containerPort: {{ .Values.keycloak.port }}
env:
{{- if (.Values.azure).secretProvider }}
{{- if hasKey .Values.azure.secretProvider.secrets "keycloak-cert" }}
- name: KC_DB_URL_PROPERTIES
value: "?sslmode=verify-full&sslcert=root.crt"
{{- end }}
{{- end }}
- name: KC_LOGLEVEL
value: DEBUG
- name: PROXY_ADDRESS_FORWARDING
@@ -172,16 +178,34 @@ spec:
- name: realm-config
mountPath: /opt/keycloak/data/import/oasis-realm.json
subPath: oasis
{{- if (.Values.azure).secretProvider }}
{{- if hasKey .Values.azure.secretProvider.secrets "keycloak-cert" }}
- name: azure-keycloak-cert
mountPath: /opt/keycloak/.postgresql/root.crt
subPath: keycloak-cert-file
readOnly: true
{{- end }}
{{- end }}

volumes:
- name: realm-config
configMap:
name: {{ $realmSecretName }}
{{- if (.Values.azure).secretProvider }}
{{- if (.Values.azure).secretProvider }}
{{- if hasKey .Values.azure.secretProvider.secrets "keycloak-cert" }}
- name: azure-keycloak-cert
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: "azure-secret-provider"
objectName: "keycloak-cert-file"
objectType: "secret"
{{- end }}
- name: azure-secret-provider
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: "azure-secret-provider"
{{- end }}
{{- end }}
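Review bot: In the first hunk, `KC_DB_URL_PROPERTIES` passes the mounted certificate as `sslcert=root.crt`, which in the PostgreSQL JDBC driver names the client certificate rather than the CA used to verify the server (`sslrootcert`). With `sslmode=verify-full` the trust anchor is then presumably found only because the second hunk mounts the file at `/opt/keycloak/.postgresql/root.crt`, the driver's default location if the container user's home is `/opt/keycloak`; that coupling is implicit and worth confirming. Naming the CA explicitly keeps server verification independent of the home directory: `value: "?sslmode=verify-full&sslrootcert=/opt/keycloak/.postgresql/root.crt"`. Separately, the new `hasKey .Values.azure.secretProvider.secrets "keycloak-cert"` guards will likely fail template rendering when `secretProvider` is set without a `secrets` map, so a nil-safe form such as `hasKey (.Values.azure.secretProvider.secrets | default dict) "keycloak-cert"` would be safer.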
