From bdc4d52135152e694c4aeeddcc37aea90ced28ef Mon Sep 17 00:00:00 2001 From: Viacheslav Kropotko <50667050+s-vkropotko@users.noreply.github.com> Date: Mon, 7 Dec 2020 17:36:47 +0100 Subject: [PATCH] [keycloak] Add Affinity to HTTP Service (#355) Signed-off-by: Viacheslav Kropotko --- charts/keycloak/Chart.yaml | 2 +- charts/keycloak/README.md | 2 ++ charts/keycloak/templates/service-http.yaml | 7 +++++++ charts/keycloak/values.schema.json | 6 ++++++ charts/keycloak/values.yaml | 5 +++++ 5 files changed, 21 insertions(+), 1 deletion(-) diff --git a/charts/keycloak/Chart.yaml b/charts/keycloak/Chart.yaml index c0e1c4d5..6daeed9e 100644 --- a/charts/keycloak/Chart.yaml +++ b/charts/keycloak/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: keycloak -version: 9.7.0 +version: 9.8.0 appVersion: 11.0.2 description: Open Source Identity and Access Management For Modern Applications and Services keywords: diff --git a/charts/keycloak/README.md b/charts/keycloak/README.md index e486909a..ffaa62b5 100644 --- a/charts/keycloak/README.md +++ b/charts/keycloak/README.md @@ -99,6 +99,8 @@ The following table lists the configurable parameters of the Keycloak chart and | `service.httpManagementPort` | The WildFly management Service port | `8443` | | `service.httpManagementNodePort` | The WildFly management node port if type is NodePort | `""` | | `service.extraPorts` | Additional Service ports, e. g. for custom admin console | `[]` | +| `service.sessionAffinity` | sessionAffinity for Service, e. g. "ClientIP" | `""` | +| `service.sessionAffinityConfig` | sessionAffinityConfig for Service | `{}` | | `ingress.enabled` | If `true`, an Ingress is created | `false` | | `ingress.rules` | List of Ingress Ingress rule | see below | | `ingress.rules[0].host` | Host for the Ingress rule | `keycloak.example.com` | diff --git a/charts/keycloak/templates/service-http.yaml b/charts/keycloak/templates/service-http.yaml index df4e35c4..0aef7a56 100644 --- a/charts/keycloak/templates/service-http.yaml +++ b/charts/keycloak/templates/service-http.yaml @@ -23,6 +23,13 @@ spec: loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} + {{- if .Values.service.sessionAffinity }} + sessionAffinity: {{ .Values.service.sessionAffinity }} + {{- with .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} ports: - name: http port: {{ .Values.service.httpPort }} diff --git a/charts/keycloak/values.schema.json b/charts/keycloak/values.schema.json index 7254b6c8..47c2aa36 100644 --- a/charts/keycloak/values.schema.json +++ b/charts/keycloak/values.schema.json @@ -334,6 +334,12 @@ }, "loadBalancerIP": { "type": "string" + }, + "sessionAffinity": { + "type": "string" + }, + "sessionAffinityConfig": { + "type": "object" } } }, diff --git a/charts/keycloak/values.yaml b/charts/keycloak/values.yaml index 200f3d19..72153554 100644 --- a/charts/keycloak/values.yaml +++ b/charts/keycloak/values.yaml @@ -241,6 +241,11 @@ service: # to connect to the LoadBalancer, e. g. will result in Security Groups # (or equivalent) with inbound source ranges allowed to connect loadBalancerSourceRanges: [] + # Session affinity + # See https://kubernetes.io/docs/concepts/services-networking/service/#proxy-mode-userspace + sessionAffinity: "" + # Session affinity config + sessionAffinityConfig: {} ingress: # If `true`, an Ingress is created