diff --git a/.github/workflows/pr-build.yaml b/.github/workflows/pr-build.yaml index 1b06b300..8aa33fd3 100644 --- a/.github/workflows/pr-build.yaml +++ b/.github/workflows/pr-build.yaml @@ -14,10 +14,9 @@ jobs: - name: Harden Runner uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: - egress-policy: audit - + egress-policy: audit - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 with: fetch-depth: 0 @@ -26,12 +25,12 @@ jobs: with: version: v3.4.0 - - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 + - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0 with: python-version: 3.7 - name: Set up chart-testing - uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0 + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - name: Run chart-testing (list-changed) id: list-changed @@ -43,23 +42,21 @@ jobs: - name: Run chart-testing (lint) run: ct lint --target-branch=master --chart-dirs chart --check-version-increment=false - build: + fmt: runs-on: ubuntu-latest - outputs: - profiles: ${{ steps.profiles.outputs.matrix }} steps: - name: Harden Runner uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 with: - egress-policy: audit + egress-policy: audit - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 - name: Setup Go uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: 1.20.x - name: Restore Go cache - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} 
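Review bot: The Checkout step in the first hunk moves its pin backwards, from the v4 commit to `c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3`. The same backwards step appears in this file for `actions/setup-python` (v4.7.1 to v4.7.0), `actions/cache` (v3.3.2 to v3.3.1), `actions/upload-artifact` (v3.1.3 to v3.1.2) and, in the e2e-tests job only, `step-security/harden-runner` (v2.6.0 to v2.5.1). This looks like a rebase of a branch that predates the dependency bumps rather than a deliberate choice, and it leaves pr-build.yaml behind scan.yaml, which keeps checkout v4 in this same commit. If the downgrade is unintended, keep the pins from the removed lines, e.g. `uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4`; if it is intended, say why in the commit message so the next automated bump is not silently undone again. The job these steps belong to starts outside the hunk.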
@@ -71,14 +68,68 @@ jobs: run: make vet - name: lint run: make lint - - name: test - run: make test + - name: Check if working tree is dirty + run: | + if [[ $(git diff --stat) != '' ]]; then + git --no-pager diff + echo 'run and commit changes' + exit 1 + fi + + test: + runs-on: ubuntu-latest + strategy: + matrix: + kubernetes-version: + - "1.25" + - "1.26" + - "1.27" + - "1.28" + steps: + - name: Harden Runner + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + egress-policy: audit + - name: Checkout + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 + - name: Setup Go + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + with: + go-version: 1.20.x + - name: Restore Go cache + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 + with: + path: ~/go/pkg/mod + key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go- + - name: run test + run: make test ENVTEST_K8S_VERSION=${{ matrix.kubernetes-version }} + + build: + runs-on: ubuntu-latest + outputs: + profiles: ${{ steps.profiles.outputs.matrix }} + steps: + - name: Harden Runner + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + egress-policy: audit + - name: Checkout + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 + - name: Setup Go + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + with: + go-version: 1.20.x + - name: Restore Go cache + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 + with: + path: ~/go/pkg/mod + key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go- - name: build run: make build - - name: Send go coverage report - uses: shogo82148/actions-goveralls@7b1bd2871942af030d707d6574e5f684f9891fb2 # v1.8.0 - with: - path-to-profile: coverage.out - name: Check if working tree is dirty run: | if [[ $(git diff 
--stat) != '' ]]; then @@ -91,12 +142,12 @@ jobs: make docker-build - name: Create image tarball run: | - docker save --output k8skeycloak-controller-container.tar k8skeycloak-controller:latest + docker save --output keycloak-controller-container.tar keycloak-controller:latest - name: Upload image - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce #v3.1.2 with: - name: k8skeycloak-controller-container - path: k8skeycloak-controller-container.tar + name: keycloak-controller-container + path: keycloak-controller-container.tar - id: profiles name: Determine test profiles run: | 
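Review bot: The `Check if working tree is dirty` step added to the fmt job tests `git diff --stat`, which only reports changes to tracked files, so a make target that writes a new, untracked file leaves the check green. `if [[ -n "$(git status --porcelain)" ]]; then` covers untracked files too, and the failure message `'run and commit changes'` would help more if it named the make targets to run. This hunk also drops the goveralls upload while the README in the same commit keeps its Coverage Status badge, so that badge will stop updating. The unchanged copy of the check in the build job continues past the end of this hunk.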
@@ -104,51 +155,6 @@ jobs: echo $profiles echo "::set-output name=matrix::$profiles" - test-chart: - runs-on: ubuntu-latest - needs: - - build - - lint-chart - steps: - - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 - with: - egress-policy: audit - - - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4 - with: - fetch-depth: 0 - - - name: Set up Helm - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 #v3.5 - - - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 - with: - python-version: 3.7 - - - name: Set up chart-testing - uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0 - - - name: Create kind cluster - uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 - - - name: Download k8skeycloak-controller container - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 - with: - name: k8skeycloak-controller-container - path: /tmp - - - name: Load image - run: | - docker load --input /tmp/k8skeycloak-controller-container.tar - docker tag k8skeycloak-controller:latest ghcr.io/doodlescheduling/k8skeycloak-controller:0.0.0 - kind load docker-image ghcr.io/doodlescheduling/k8skeycloak-controller:0.0.0 --name chart-testing - docker image ls -a - - - name: Run chart-testing (install) - run: ct install --target-branch=master --chart-dirs chart - e2e-tests: runs-on: ubuntu-latest needs: 
@@ -158,11 +164,11 @@ jobs: profile: ${{ fromJson(needs.build.outputs.profiles) }} steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 with: egress-policy: audit - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 - name: Setup Go uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: @@ -171,14 +177,14 @@ jobs: uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0 with: version: v0.17.0 - - name: Download k8skeycloak-controller container + - name: Download keycloak-controller container uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a #v3.0.2 with: - name: k8skeycloak-controller-container + name: keycloak-controller-container path: /tmp - name: Load images run: | - docker load --input /tmp/k8skeycloak-controller-container.tar + docker load --input /tmp/keycloak-controller-container.tar docker image ls -a - name: Setup Kustomize uses: imranismail/setup-kustomize@6691bdeb1b0a3286fb7f70fd1423c10e81e5375f # v2.0.0 
@@ -189,7 +195,51 @@ jobs: if: failure() run: | kubectl -n kube-system describe pods - kubectl -n k8skeycloak-system describe pods - kubectl -n k8skeycloak-system get all - kubectl -n k8skeycloak-system logs deploy/k8skeycloak-controller - kubectl -n k8skeycloak-system get keycloakrealm -o yaml + kubectl -n keycloak-system describe pods + kubectl -n keycloak-system get all + kubectl -n keycloak-system logs deploy/keycloak-controller + kubectl -n keycloak-system get keycloakrealms -o yaml + + test-chart: + runs-on: ubuntu-latest + needs: + - build + - lint-chart + steps: + - name: Harden Runner + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + egress-policy: audit + - name: Checkout + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 + with: + fetch-depth: 0 + + - name: Set up Helm + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 #v3.5 + + - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0 + with: + python-version: 3.7 + + - name: Set up chart-testing + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 + + - name: Create kind cluster + uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 + + - name: Download keycloak-controller container + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + with: + name: keycloak-controller-container + path: /tmp + + - name: Load image + run: | + docker load --input /tmp/keycloak-controller-container.tar + docker tag keycloak-controller:latest ghcr.io/doodlescheduling/keycloak-controller:v0.0.0 + kind load docker-image ghcr.io/doodlescheduling/keycloak-controller:v0.0.0 --name chart-testing + docker image ls -a + + - name: Run chart-testing (install) + run: ct install --target-branch=master --chart-dirs chart \ No newline at end of file 
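Review bot: `python-version: 3.7` in the re-added test-chart job is an unquoted YAML float and names a Python release that is past upstream end-of-life. Quoting it as `python-version: '3.7'` avoids the usual trap where a later bump to 3.10 is read as 3.1, and moving to a supported 3.x release keeps the chart-testing tooling on an interpreter that still receives security fixes. The file also now ends without a trailing newline (`\ No newline at end of file`).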
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7e67a55a..6bdc7390 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -72,10 +72,10 @@ jobs: - name: Package helm charts run: | packVersion=$(echo "${{ github.ref_name }}" | sed 's/^v//g') - helm package chart/k8skeycloak-controller -d chart --version=$packVersion --app-version=${{ github.ref_name }} + helm package chart/keycloak-controller -d chart --version=$packVersion --app-version=${{ github.ref_name }} - name: Publish helm charts to Github Container Registry run: | repository=$(echo "${{ github.repository_owner }}" | tr [:upper:] [:lower:]) - helm push ${{ github.workspace }}/chart/k8skeycloak-controller-*.tgz oci://ghcr.io/$repository/charts |& tee .digest + helm push ${{ github.workspace }}/chart/keycloak-controller-*.tgz oci://ghcr.io/$repository/charts |& tee .digest cosign login --username ${GITHUB_ACTOR} --password ${{ secrets.GITHUB_TOKEN }} ghcr.io - cosign sign --yes ghcr.io/$repository/charts/k8skeycloak-controller@$(cat .digest | awk -F "[, ]+" '/Digest/{print $NF}') + cosign sign --yes ghcr.io/$repository/charts/keycloak-controller@$(cat .digest | awk -F "[, ]+" '/Digest/{print $NF}') diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml index 031557aa..a36a0793 100644 --- a/.github/workflows/scan.yaml +++ b/.github/workflows/scan.yaml @@ -17,6 +17,10 @@ jobs: name: FOSSA runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + egress-policy: audit - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4 - name: Run FOSSA scan and upload build data uses: fossa-contrib/fossa-action@6728dc6fe9a068c648d080c33829ffbe56565023 # v2.0.0 
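Review bot: The rewritten `helm package` line in release.yaml still expands `${{ github.ref_name }}` directly inside the `run:` script, so the tag name is pasted into the shell text before bash parses it. Passing it through the step environment, `env: REF_NAME: ${{ github.ref_name }}` with `--app-version="$REF_NAME"` (and `echo "$REF_NAME"` for `packVersion`), keeps an unusual tag name from being interpreted as shell syntax. While these lines are being touched, the unchanged `cosign login` line passes the token as a command-line argument; `--password-stdin` avoids that. `$packVersion` and `$repository` are also used unquoted. The steps before `Package helm charts` are outside the hunk.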
@@ -29,6 +33,10 @@ jobs: name: CodeQL runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + with: + egress-policy: audit - name: Checkout repository uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4 - name: Initialize CodeQL diff --git a/.goreleaser.yaml b/.goreleaser.yaml index dc07621d..f49af7db 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -1,4 +1,4 @@ -project_name: k8skeycloak-controller +project_name: keycloak-controller builds: - id: manager diff --git a/Dockerfile b/Dockerfile index a41d56a3..4e86a3a4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,6 +4,6 @@ COPY manager manager USER 65532:65532 COPY assets /assets ENV ASSETS_PATH="/assets" -ENV USER k8skeycloak-controller +ENV USER keycloak-controller ENTRYPOINT ["/manager"] diff --git a/Makefile b/Makefile index ff86ac1c..e86e4a62 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,8 @@ # Image URL to use all building/pushing image targets -IMG ?= k8skeycloak-controller:latest +IMG ?= keycloak-controller:latest # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. -ENVTEST_K8S_VERSION = 1.23 +ENVTEST_K8S_VERSION = 1.27 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) ifeq (,$(shell go env GOBIN)) @@ -111,7 +111,7 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified .PHONY: deploy deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. - cd config/base/manager && $(KUSTOMIZE) edit set image ghcr.io/doodlescheduling/k8skeycloak-controller=${IMG} + cd config/base/manager && $(KUSTOMIZE) edit set image ghcr.io/doodlescheduling/keycloak-controller=${IMG} $(KUSTOMIZE) build config/default | kubectl apply -f - .PHONY: undeploy 
@@ -122,22 +122,19 @@ TEST_PROFILE=keycloak-v20 CLUSTER=kind .PHONY: kind-test -kind-test: docker-build ## Deploy including test +kind-test: ## Deploy including test kustomize build config/base/crd | kubectl --context kind-${CLUSTER} apply -f - + kubectl --context kind-${CLUSTER} -n keycloak-system delete pods --all kind load docker-image ${IMG} --name ${CLUSTER} kustomize build config/tests/cases/${TEST_PROFILE} --enable-helm | kubectl --context kind-${CLUSTER} apply -f - - kubectl --context kind-${CLUSTER} -n k8skeycloak-system delete pods --all - kubectl --context kind-${CLUSTER} -n k8skeycloak-system wait --for=condition=Ready pods --all --timeout=3m - kubectl --context kind-${CLUSTER} -n k8skeycloak-system wait keycloakrealm/test --for=condition=Ready --timeout=3m - kubectl --context kind-${CLUSTER} -n k8skeycloak-system port-forward svc/keycloakx-http 8090:80 &>/dev/null & - sleep 2 - curl --fail http://localhost:8090/auth/realms/test/.well-known/openid-configuration + kubectl --context kind-${CLUSTER} -n keycloak-system wait --for=condition=Ready pods -l control-plane=controller-manager -l app.kubernetes.io/managed-by!=Helm,verify!=yes --timeout=3m + kubectl --context kind-${CLUSTER} -n keycloak-system wait --for=jsonpath='{.status.conditions[1].reason}'=PodCompleted pods -l app.kubernetes.io/managed-by!=Helm,verify=yes --timeout=3m CONTROLLER_GEN = $(GOBIN)/controller-gen .PHONY: controller-gen controller-gen: ## Download controller-gen locally if necessary. $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.12.0) - cp config/base/crd/bases/* chart/k8skeycloak-controller/crds/ + cp config/base/crd/bases/* chart/keycloak-controller/crds/ GOLANGCI_LINT = $(GOBIN)/golangci-lint .PHONY: golangci-lint diff --git a/PROJECT b/PROJECT index 721ad34a..257a67b9 100644 --- a/PROJECT +++ b/PROJECT 
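Review bot: The first new `wait` in kind-test passes `-l` twice (`-l control-plane=controller-manager -l app.kubernetes.io/managed-by!=Helm,verify!=yes`); as far as I know kubectl keeps only the last `--selector` value, so the `control-plane` term is dropped. A single comma-separated selector expresses the intended AND: `-l 'control-plane=controller-manager,app.kubernetes.io/managed-by!=Helm,verify!=yes'`. The second wait reads `.status.conditions[1].reason`, which depends on the order of the conditions array; filtering on the condition type would be sturdier if the kubectl version in use supports it. With `docker-build` removed from the prerequisites, the `## Deploy including test` help text could say that `${IMG}` must already be built, to save a confusing `kind load` failure.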
@@ -1,5 +1,5 @@ domain: doodle.com -repo: github.com/DoodleScheduling/k8skeycloak-controller +repo: github.com/DoodleScheduling/keycloak-controller resources: - group: keycloak.infra.doodle.com kind: KeycloakRealm diff --git a/README.md b/README.md index 133ed2b9..6a406969 100644 --- a/README.md +++ b/README.md 
@@ -1,15 +1,15 @@ # Keycloak controller for kubernetes -[![release](https://img.shields.io/github/release/DoodleScheduling/k8skeycloak-controller/all.svg)](https://github.com/DoodleScheduling/k8skeycloak-controller/releases) -[![release](https://github.com/doodlescheduling/k8skeycloak-controller/actions/workflows/release.yaml/badge.svg)](https://github.com/doodlescheduling/k8skeycloak-controller/actions/workflows/release.yaml) -[![report](https://goreportcard.com/badge/github.com/DoodleScheduling/k8skeycloak-controller)](https://goreportcard.com/report/github.com/DoodleScheduling/k8skeycloak-controller) -[![Coverage Status](https://coveralls.io/repos/github/DoodleScheduling/k8skeycloak-controller/badge.svg?branch=master)](https://coveralls.io/github/DoodleScheduling/k8skeycloak-controller?branch=master) -[![license](https://img.shields.io/github/license/DoodleScheduling/k8skeycloak-controller.svg)](https://github.com/DoodleScheduling/k8skeycloak-controller/blob/master/LICENSE) +[![release](https://img.shields.io/github/release/DoodleScheduling/keycloak-controller/all.svg)](https://github.com/DoodleScheduling/keycloak-controller/releases) +[![release](https://github.com/doodlescheduling/keycloak-controller/actions/workflows/release.yaml/badge.svg)](https://github.com/doodlescheduling/keycloak-controller/actions/workflows/release.yaml) +[![report](https://goreportcard.com/badge/github.com/DoodleScheduling/keycloak-controller)](https://goreportcard.com/report/github.com/DoodleScheduling/keycloak-controller) +[![Coverage Status](https://coveralls.io/repos/github/DoodleScheduling/keycloak-controller/badge.svg?branch=master)](https://coveralls.io/github/DoodleScheduling/keycloak-controller?branch=master) +[![license](https://img.shields.io/github/license/DoodleScheduling/keycloak-controller.svg)](https://github.com/DoodleScheduling/keycloak-controller/blob/master/LICENSE) -Keycloak realm declaration for kubernetes. 
Compared to the [keycloak-operator](https://github.com/keycloak/keycloak-operator) this controller actually reconciles the entire realm throughout all depths. The keycloak-operator basically only creates the realm and syncs top level changes only. +Keycloak realm management for kubernetes. Compared to the [keycloak-operator](https://github.com/keycloak/keycloak-operator) this controller actually reconciles the entire realm. The keycloak-operator basically only creates the realm and syncs top level changes only. This controller supports KeycloakRealm, KeycloakClient and KeycloakUser. -However by design it does not actually deploy keycloak, it only manages one or multiple keycloakrealms. +The controller does **not** deploy keycloak, its responsibility is to manage realms for extsing keycloak deployments. This controller runs great in combination with the official keycloak operator which deploys keycloak while this controller can manage the realm. Under the hood the controller is a wrapper around the awesome [keycloak-config-cli](https://github.com/adorsys/keycloak-config-cli) @@ -17,7 +17,7 @@ which implements the entire realm update using the Keycloak REST API. ## Requirements -You need a running keycloak server. This controllers does not manage or deploy keycloak itself but rather manages realms. +A running keycloak is a requirement. This controllers does not manage or deploy keycloak itself. Also it is required to create a secret which contains the credentials for a user with enough permissions to create/manage realms. Example: 
@@ -33,9 +33,9 @@ metadata: ## Example KeycloakRealm -The realm is the entire representation of the realm and is synced accordingly. -It supports secrets substition to inject secrets from kubernetes secrets. -You can use `${secret:secretName:secretField}` anywhere in the realm definition. +The realm is the entire representation of the realm and is reconciled accordingly. +It supports secrets substition from kubernetes secrets. +A pattern like `${secret:secretName:secretField}` can be used anywhere in the realm. This would create a realm called default if it does not exists. If it exists it would try to update it according to the specs. @@ -102,16 +102,12 @@ spec: ### Helm -Please see [chart/k8skeycloak-controller](https://github.com/DoodleScheduling/k8skeycloak-controller/tree/master/chart/k8skeycloak-controller) for the helm chart docs. +Please see [chart/keycloak-controller](https://github.com/DoodleScheduling/keycloak-controller/tree/master/chart/keycloak-controller) for the helm chart docs. ### Manifests/kustomize Alternatively you may get the bundled manifests in each release to deploy it using kustomize or use them directly. -## Configure the controller - -The controller is configured by arguments. For all possible arguments you may access the help using `-h`. - ## Dealing with managed realms The controller tries to reconcile the realm in the specified interval (if specified) or if there is any spec change. 
@@ -122,3 +118,33 @@ kubectl patch keycloakrealms.keycloak.infra.doodle.com myrealm -p '{"spec":{"sus ``` This can be very useful if one wants to change and test some settings using the keycloak web ui where the controller should not interfere. + +## Configuration +The controller can be configured using cmd args: +``` +--concurrent int The number of concurrent KeycloakRealm reconciles. (default 4) +--enable-leader-election Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager. +--graceful-shutdown-timeout duration The duration given to the reconciler to finish before forcibly stopping. (default 10m0s) +--health-addr string The address the health endpoint binds to. (default ":9557") +--insecure-kubeconfig-exec Allow use of the user.exec section in kubeconfigs provided for remote apply. +--insecure-kubeconfig-tls Allow that kubeconfigs provided for remote apply can disable TLS verification. +--kube-api-burst int The maximum burst queries-per-second of requests sent to the Kubernetes API. (default 300) +--kube-api-qps float32 The maximum queries-per-second of requests sent to the Kubernetes API. (default 50) +--leader-election-lease-duration duration Interval at which non-leader candidates will wait to force acquire leadership (duration string). (default 35s) +--leader-election-release-on-cancel Defines if the leader should step down voluntarily on controller manager shutdown. (default true) +--leader-election-renew-deadline duration Duration that the leading controller manager will retry refreshing leadership before giving up (duration string). (default 30s) +--leader-election-retry-period duration Duration the LeaderElector clients should wait between tries of actions (duration string). (default 5s) +--log-encoding string Log encoding format. Can be 'json' or 'console'. (default "json") +--log-level string Log verbosity level. Can be one of 'trace', 'debug', 'info', 'error'. 
(default "info") +--max-retry-delay duration The maximum amount of time for which an object being reconciled will have to wait before a retry. (default 15m0s) +--metrics-addr string The address the metric endpoint binds to. (default ":9556") +--min-retry-delay duration The minimum amount of time for which an object being reconciled will have to wait before a retry. (default 750ms) +--otel-endpoint string Opentelemetry gRPC endpoint (without protocol) +--otel-insecure Opentelemetry gRPC disable tls +--otel-service-name string Opentelemetry service name (default "keycloak-controller") +--otel-tls-client-cert-path string Opentelemetry gRPC mTLS client cert path +--otel-tls-client-key-path string Opentelemetry gRPC mTLS client key path +--otel-tls-root-ca-path string Opentelemetry gRPC mTLS root CA path +--watch-all-namespaces Watch for resources in all namespaces, if set to false it will only watch the runtime namespace. (default true) +--watch-label-selector string Watch for resources with matching labels e.g. 'sharding.fluxcd.io/shard=shard1'. +``` \ No newline at end of file diff --git a/chart/k8skeycloak-controller/templates/serviceaccount-token.yaml b/chart/k8skeycloak-controller/templates/serviceaccount-token.yaml deleted file mode 100644 index b08064de..00000000 --- a/chart/k8skeycloak-controller/templates/serviceaccount-token.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "k8skeycloak-controller.serviceAccountName" . }} - labels: - app.kubernetes.io/name: {{ include "k8skeycloak-controller.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - helm.sh/chart: {{ include "k8skeycloak-controller.chart" . }} - annotations: - kubernetes.io/service-account.name: {{ template "k8skeycloak-controller.serviceAccountName" . }} -type: kubernetes.io/service-account-token -{{- end -}} 
diff --git a/chart/k8skeycloak-controller/Chart.yaml b/chart/keycloak-controller/Chart.yaml similarity index 53% rename from chart/k8skeycloak-controller/Chart.yaml rename to chart/keycloak-controller/Chart.yaml index b104e07c..00c55541 100644 --- a/chart/k8skeycloak-controller/Chart.yaml +++ b/chart/keycloak-controller/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 -appVersion: 0.0.0 +appVersion: v0.0.0 description: Keycloak Realm reconciler -home: https://github.com/DoodleScheduling/k8skeycloak-controller +home: https://github.com/DoodleScheduling/keycloak-controller maintainers: - name: devops email: devops@doodle.com @@ -9,7 +9,7 @@ keywords: - kubernetes-controller - http-keycloak - request-clone -name: k8skeycloak-controller +name: keycloak-controller sources: -- https://github.com/DoodleScheduling/k8skeycloak-controller +- https://github.com/DoodleScheduling/keycloak-controller version: 0.0.0 diff --git a/chart/k8skeycloak-controller/README.md b/chart/keycloak-controller/README.md similarity index 52% rename from chart/k8skeycloak-controller/README.md rename to chart/keycloak-controller/README.md index 83592ef5..29fab943 100644 --- a/chart/k8skeycloak-controller/README.md +++ b/chart/keycloak-controller/README.md 
@@ -1,16 +1,16 @@ -# k8skeycloak controller helm chart +# keycloak controller helm chart -Installs the [k8skeycloak-controller](https://github.com/DoodleScheduling/k8skeycloak-controller). +Installs the [keycloak-controller](https://github.com/DoodleScheduling/keycloak-controller). ## Installing the Chart -To install the chart with the release name `k8skeycloak-controller`: +To install the chart with the release name `keycloak-controller`: ```console -helm upgrade --install k8skeycloak-controller oci://ghcr.io/doodlescheduling/charts/k8skeycloak-controller +helm upgrade --install keycloak-controller oci://ghcr.io/doodlescheduling/charts/keycloak-controller ``` -This command deploys the k8skeycloak-controller with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. +This command deploys the keycloak-controller with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. ## Prometheus @@ -29,5 +29,5 @@ podAnnotations: See Customizing the Chart Before Installing. To see all configurable options with detailed comments, visit the chart's values.yaml, or run the configuration command: ```sh -$ helm show values oci://ghcr.io/doodlescheduling/charts/k8skeycloak-controller +$ helm show values oci://ghcr.io/doodlescheduling/charts/keycloak-controller ``` diff --git a/chart/k8skeycloak-controller/crds/keycloak.infra.doodle.com_keycloakclients.yaml b/chart/keycloak-controller/crds/keycloak.infra.doodle.com_keycloakclients.yaml similarity index 100% rename from chart/k8skeycloak-controller/crds/keycloak.infra.doodle.com_keycloakclients.yaml rename to chart/keycloak-controller/crds/keycloak.infra.doodle.com_keycloakclients.yaml 
diff --git a/chart/k8skeycloak-controller/crds/keycloak.infra.doodle.com_keycloakrealms.yaml b/chart/keycloak-controller/crds/keycloak.infra.doodle.com_keycloakrealms.yaml similarity index 100% rename from chart/k8skeycloak-controller/crds/keycloak.infra.doodle.com_keycloakrealms.yaml rename to chart/keycloak-controller/crds/keycloak.infra.doodle.com_keycloakrealms.yaml diff --git a/chart/k8skeycloak-controller/crds/keycloak.infra.doodle.com_keycloakusers.yaml b/chart/keycloak-controller/crds/keycloak.infra.doodle.com_keycloakusers.yaml similarity index 100% rename from chart/k8skeycloak-controller/crds/keycloak.infra.doodle.com_keycloakusers.yaml rename to chart/keycloak-controller/crds/keycloak.infra.doodle.com_keycloakusers.yaml diff --git a/chart/k8skeycloak-controller/templates/NOTES.txt b/chart/keycloak-controller/templates/NOTES.txt similarity index 100% rename from chart/k8skeycloak-controller/templates/NOTES.txt rename to chart/keycloak-controller/templates/NOTES.txt diff --git a/chart/k8skeycloak-controller/templates/_helpers.tpl b/chart/keycloak-controller/templates/_helpers.tpl similarity index 75% rename from chart/k8skeycloak-controller/templates/_helpers.tpl rename to chart/keycloak-controller/templates/_helpers.tpl index 4f5b8429..26f9b65b 100644 --- a/chart/k8skeycloak-controller/templates/_helpers.tpl +++ b/chart/keycloak-controller/templates/_helpers.tpl @@ -2,7 +2,7 @@ {{/* Expand the name of the chart. */}} -{{- define "k8skeycloak-controller.name" -}} +{{- define "keycloak-controller.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} 
@@ -11,7 +11,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "k8skeycloak-controller.fullname" -}} +{{- define "keycloak-controller.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} @@ -27,16 +27,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "k8skeycloak-controller.chart" -}} +{{- define "keycloak-controller.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Create the name of the service account to use */}} -{{- define "k8skeycloak-controller.serviceAccountName" -}} +{{- define "keycloak-controller.serviceAccountName" -}} {{- if .Values.serviceAccount.create -}} - {{ default (include "k8skeycloak-controller.fullname" .) .Values.serviceAccount.name }} + {{ default (include "keycloak-controller.fullname" .) .Values.serviceAccount.name }} {{- else -}} {{ default "default" .Values.serviceAccount.name }} {{- end -}} 
@@ -45,22 +45,22 @@ Create the name of the service account to use {{/* Determine secret name, can either be the self-created of an existing one */}} -{{- define "k8skeycloak-controller.secretName" -}} +{{- define "keycloak-controller.secretName" -}} {{- if .Values.existingSecret.name -}} {{- .Values.existingSecret.name -}} {{- else -}} - {{ include "k8skeycloak-controller.fullname" . }} + {{ include "keycloak-controller.fullname" . }} {{- end -}} {{- end -}} {{/* Determine configmap name, can either be the self-created of an existing one */}} -{{- define "k8skeycloak-controller.configName" -}} +{{- define "keycloak-controller.configName" -}} {{- if .Values.existingConfig.name -}} {{- .Values.existingConfig.name -}} {{- else -}} - {{ include "k8skeycloak-controller.fullname" . }} + {{ include "keycloak-controller.fullname" . }} {{- end -}} {{- end -}} diff --git a/chart/k8skeycloak-controller/templates/clusterrole-edit.yaml b/chart/keycloak-controller/templates/clusterrole-edit.yaml similarity index 79% rename from chart/k8skeycloak-controller/templates/clusterrole-edit.yaml rename to chart/keycloak-controller/templates/clusterrole-edit.yaml index 568f1e4f..0eeb7a42 100644 --- a/chart/k8skeycloak-controller/templates/clusterrole-edit.yaml +++ b/chart/keycloak-controller/templates/clusterrole-edit.yaml 
@@ -2,12 +2,12 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "k8skeycloak-controller.fullname" . }}-edit + name: {{ template "keycloak-controller.fullname" . }}-edit labels: - app.kubernetes.io/name: {{ include "k8skeycloak-controller.name" . }} + app.kubernetes.io/name: {{ include "keycloak-controller.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - helm.sh/chart: {{ include "k8skeycloak-controller.chart" . }} + helm.sh/chart: {{ include "keycloak-controller.chart" . }} rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" annotations: diff --git a/chart/k8skeycloak-controller/templates/clusterrole-view.yaml b/chart/keycloak-controller/templates/clusterrole-view.yaml similarity index 76% rename from chart/k8skeycloak-controller/templates/clusterrole-view.yaml rename to chart/keycloak-controller/templates/clusterrole-view.yaml index e9216b5f..85f0c9a7 100644 --- a/chart/k8skeycloak-controller/templates/clusterrole-view.yaml +++ b/chart/keycloak-controller/templates/clusterrole-view.yaml @@ -2,12 +2,12 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "k8skeycloak-controller.fullname" . }}-view + name: {{ template "keycloak-controller.fullname" . }}-view labels: - app.kubernetes.io/name: {{ include "k8skeycloak-controller.name" . }} + app.kubernetes.io/name: {{ include "keycloak-controller.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - helm.sh/chart: {{ include "k8skeycloak-controller.chart" . }} + helm.sh/chart: {{ include "keycloak-controller.chart" . }} rbac.authorization.k8s.io/aggregate-to-view: "true" annotations: {{- toYaml .Values.annotations | nindent 4 }} 
diff --git a/chart/k8skeycloak-controller/templates/clusterrole.yaml b/chart/keycloak-controller/templates/clusterrole.yaml similarity index 81% rename from chart/k8skeycloak-controller/templates/clusterrole.yaml rename to chart/keycloak-controller/templates/clusterrole.yaml index 1030291f..5dccb483 100644 --- a/chart/k8skeycloak-controller/templates/clusterrole.yaml +++ b/chart/keycloak-controller/templates/clusterrole.yaml @@ -2,12 +2,12 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "k8skeycloak-controller.fullname" . }} + name: {{ template "keycloak-controller.fullname" . }} labels: - app.kubernetes.io/name: {{ include "k8skeycloak-controller.name" . }} + app.kubernetes.io/name: {{ include "keycloak-controller.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - helm.sh/chart: {{ include "k8skeycloak-controller.chart" . }} + helm.sh/chart: {{ include "keycloak-controller.chart" . }} annotations: {{- toYaml .Values.annotations | nindent 4 }} rules: diff --git a/chart/k8skeycloak-controller/templates/clusterrolebinding.yaml b/chart/keycloak-controller/templates/clusterrolebinding.yaml similarity index 63% rename from chart/k8skeycloak-controller/templates/clusterrolebinding.yaml rename to chart/keycloak-controller/templates/clusterrolebinding.yaml index 7dfbb47f..86e50865 100644 --- a/chart/k8skeycloak-controller/templates/clusterrolebinding.yaml +++ b/chart/keycloak-controller/templates/clusterrolebinding.yaml 
@@ -2,22 +2,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "k8skeycloak-controller.fullname" . }} + name: {{ template "keycloak-controller.fullname" . }} labels: - app.kubernetes.io/name: {{ include "k8skeycloak-controller.name" . }} + app.kubernetes.io/name: {{ include "keycloak-controller.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - helm.sh/chart: {{ include "k8skeycloak-controller.chart" . }} + helm.sh/chart: {{ include "keycloak-controller.chart" . }} annotations: {{- toYaml .Values.annotations | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ template "k8skeycloak-controller.fullname" . }} + name: {{ template "keycloak-controller.fullname" . }} subjects: - kind: ServiceAccount {{- if .Values.serviceAccount.create }} - name: {{ template "k8skeycloak-controller.fullname" . }} + name: {{ template "keycloak-controller.fullname" . }} {{- else }} name: {{ .Values.serviceAccount.name }} {{- end }} diff --git a/chart/k8skeycloak-controller/templates/deployment.yaml b/chart/keycloak-controller/templates/deployment.yaml similarity index 89% rename from chart/k8skeycloak-controller/templates/deployment.yaml rename to chart/keycloak-controller/templates/deployment.yaml index c3b97b97..5039ccd8 100644 --- a/chart/k8skeycloak-controller/templates/deployment.yaml +++ b/chart/keycloak-controller/templates/deployment.yaml 
@@ -1,19 +1,19 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "k8skeycloak-controller.fullname" . }} + name: {{ include "keycloak-controller.fullname" . }} labels: - app.kubernetes.io/name: {{ include "k8skeycloak-controller.name" . }} + app.kubernetes.io/name: {{ include "keycloak-controller.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - helm.sh/chart: {{ include "k8skeycloak-controller.chart" . }} + helm.sh/chart: {{ include "keycloak-controller.chart" . }} annotations: {{- toYaml .Values.annotations | nindent 4 }} spec: replicas: {{ .Values.replicas }} selector: matchLabels: - app.kubernetes.io/name: {{ include "k8skeycloak-controller.name" . }} + app.kubernetes.io/name: {{ include "keycloak-controller.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: @@ -22,12 +22,12 @@ spec: {{- toYaml .Values.podAnnotations | nindent 8 }} {{- end }} labels: - app.kubernetes.io/name: {{ include "k8skeycloak-controller.name" . }} + app.kubernetes.io/name: {{ include "keycloak-controller.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} spec: - serviceAccountName: {{ template "k8skeycloak-controller.serviceAccountName" . }} + serviceAccountName: {{ template "keycloak-controller.serviceAccountName" . }} containers: - - name: k8skeycloak-controller + - name: keycloak-controller env: {{- if .Values.env }} {{- range $key, $value := .Values.env }} diff --git a/chart/k8skeycloak-controller/templates/metrics-rbac.yaml b/chart/keycloak-controller/templates/metrics-rbac.yaml similarity index 56% rename from chart/k8skeycloak-controller/templates/metrics-rbac.yaml rename to chart/keycloak-controller/templates/metrics-rbac.yaml index 4349c764..620906f5 100644 --- a/chart/k8skeycloak-controller/templates/metrics-rbac.yaml +++ b/chart/keycloak-controller/templates/metrics-rbac.yaml 
@@ -2,12 +2,12 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ include "k8skeycloak-controller.fullname" . }}-metrics-reader + name: {{ include "keycloak-controller.fullname" . }}-metrics-reader labels: - app.kubernetes.io/name: {{ include "k8skeycloak-controller.name" . }} + app.kubernetes.io/name: {{ include "keycloak-controller.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - helm.sh/chart: {{ include "k8skeycloak-controller.chart" . }} + helm.sh/chart: {{ include "keycloak-controller.chart" . }} rules: - nonResourceURLs: - "/metrics" 
@@ -17,48 +17,48 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "k8skeycloak-controller.fullname" . }}-metrics + name: {{ include "keycloak-controller.fullname" . }}-metrics labels: - app.kubernetes.io/name: {{ include "k8skeycloak-controller.name" . }} + app.kubernetes.io/name: {{ include "keycloak-controller.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - helm.sh/chart: {{ include "k8skeycloak-controller.chart" . }} + helm.sh/chart: {{ include "keycloak-controller.chart" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ include "k8skeycloak-controller.fullname" . }}-metrics-reader + name: {{ include "keycloak-controller.fullname" . }}-metrics-reader subjects: - kind: ServiceAccount - name: {{ template "k8skeycloak-controller.serviceAccountName" . }} + name: {{ template "keycloak-controller.serviceAccountName" . }} namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "k8skeycloak-controller.fullname" . }}-proxy + name: {{ include "keycloak-controller.fullname" . }}-proxy labels: - app.kubernetes.io/name: {{ include "k8skeycloak-controller.name" . }} + app.kubernetes.io/name: {{ include "keycloak-controller.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - helm.sh/chart: {{ include "k8skeycloak-controller.chart" . }} + helm.sh/chart: {{ include "keycloak-controller.chart" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ include "k8skeycloak-controller.fullname" . }}-proxy + name: {{ include "keycloak-controller.fullname" . }}-proxy subjects: - kind: ServiceAccount - name: {{ template "k8skeycloak-controller.serviceAccountName" . }} + name: {{ template "keycloak-controller.serviceAccountName" . 
}} namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ include "k8skeycloak-controller.fullname" . }}-proxy + name: {{ include "keycloak-controller.fullname" . }}-proxy labels: - app.kubernetes.io/name: {{ include "k8skeycloak-controller.name" . }} + app.kubernetes.io/name: {{ include "keycloak-controller.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - helm.sh/chart: {{ include "k8skeycloak-controller.chart" . }} + helm.sh/chart: {{ include "keycloak-controller.chart" . }} rules: - apiGroups: - authentication.k8s.io diff --git a/chart/k8skeycloak-controller/templates/podmonitor.yaml b/chart/keycloak-controller/templates/podmonitor.yaml similarity index 80% rename from chart/k8skeycloak-controller/templates/podmonitor.yaml rename to chart/keycloak-controller/templates/podmonitor.yaml index b274a1e7..83b25552 100644 --- a/chart/k8skeycloak-controller/templates/podmonitor.yaml +++ b/chart/keycloak-controller/templates/podmonitor.yaml @@ -2,12 +2,12 @@ apiVersion: monitoring.coreos.com/v1 kind: PodMonitor metadata: - name: {{ include "k8skeycloak-controller.fullname" . }} + name: {{ include "keycloak-controller.fullname" . }} labels: - app.kubernetes.io/name: {{ include "k8skeycloak-controller.name" . }} + app.kubernetes.io/name: {{ include "keycloak-controller.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - helm.sh/chart: {{ include "k8skeycloak-controller.chart" . }} + helm.sh/chart: {{ include "keycloak-controller.chart" . }} {{- range $key, $value := .Values.podMonitor.additionalLabels }} {{ $key }}: {{ $value | quote }} {{- end }} 
@@ -24,7 +24,7 @@ spec: scheme: https bearerTokenSecret: key: token - name: {{ template "k8skeycloak-controller.serviceAccountName" . }} + name: {{ template "keycloak-controller.serviceAccountName" . }} tlsConfig: insecureSkipVerify: true {{- else }} @@ -41,7 +41,7 @@ spec: - {{ .Release.Namespace }} selector: matchLabels: - app.kubernetes.io/name: {{ include "k8skeycloak-controller.name" . }} + app.kubernetes.io/name: {{ include "keycloak-controller.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- if .Values.podMonitor.targetLabels }} targetLabels: diff --git a/chart/k8skeycloak-controller/templates/prometheusrule.yaml b/chart/keycloak-controller/templates/prometheusrule.yaml similarity index 71% rename from chart/k8skeycloak-controller/templates/prometheusrule.yaml rename to chart/keycloak-controller/templates/prometheusrule.yaml index 654be9b1..ee117c93 100644 --- a/chart/k8skeycloak-controller/templates/prometheusrule.yaml +++ b/chart/keycloak-controller/templates/prometheusrule.yaml @@ -3,15 +3,15 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: metadata: - name: {{ template "k8skeycloak-controller.fullname" . }} + name: {{ template "keycloak-controller.fullname" . }} {{- if .Values.prometheusRule.namespace }} namespace: {{ .Values.prometheusRule.namespace }} {{- end }} labels: - app.kubernetes.io/name: {{ include "k8skeycloak-controller.name" . }} + app.kubernetes.io/name: {{ include "keycloak-controller.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - helm.sh/chart: {{ include "k8skeycloak-controller.chart" . }} + helm.sh/chart: {{ include "keycloak-controller.chart" . }} {{- if .Values.prometheusRule.labels }} {{- toYaml .Values.prometheusRule.labels | nindent 4 }} {{- end }} 
@@ -20,7 +20,7 @@ metadata: spec: {{- with .Values.prometheusRule.rules }} groups: - - name: {{ template "k8skeycloak-controller.name" $ }} + - name: {{ template "keycloak-controller.name" $ }} rules: {{ tpl (toYaml .) $ | nindent 8 }} {{- end }} {{- end }} diff --git a/chart/k8skeycloak-controller/templates/role.yaml b/chart/keycloak-controller/templates/role.yaml similarity index 76% rename from chart/k8skeycloak-controller/templates/role.yaml rename to chart/keycloak-controller/templates/role.yaml index 46c1faa1..c9f44162 100644 --- a/chart/k8skeycloak-controller/templates/role.yaml +++ b/chart/keycloak-controller/templates/role.yaml @@ -1,12 +1,12 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ template "k8skeycloak-controller.fullname" . }} + name: {{ template "keycloak-controller.fullname" . }} labels: - app.kubernetes.io/name: {{ include "k8skeycloak-controller.name" . }} + app.kubernetes.io/name: {{ include "keycloak-controller.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - helm.sh/chart: {{ include "k8skeycloak-controller.chart" . }} + helm.sh/chart: {{ include "keycloak-controller.chart" . }} annotations: {{- toYaml .Values.annotations | nindent 4 }} rules: diff --git a/chart/k8skeycloak-controller/templates/rolebinding.yaml b/chart/keycloak-controller/templates/rolebinding.yaml similarity index 61% rename from chart/k8skeycloak-controller/templates/rolebinding.yaml rename to chart/keycloak-controller/templates/rolebinding.yaml index 86a1e59f..43e58a5a 100644 --- a/chart/k8skeycloak-controller/templates/rolebinding.yaml +++ b/chart/keycloak-controller/templates/rolebinding.yaml 
@@ -1,22 +1,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "k8skeycloak-controller.fullname" . }} + name: {{ template "keycloak-controller.fullname" . }} labels: - app.kubernetes.io/name: {{ include "k8skeycloak-controller.name" . }} + app.kubernetes.io/name: {{ include "keycloak-controller.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - helm.sh/chart: {{ include "k8skeycloak-controller.chart" . }} + helm.sh/chart: {{ include "keycloak-controller.chart" . }} annotations: {{- toYaml .Values.annotations | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "k8skeycloak-controller.fullname" . }} + name: {{ template "keycloak-controller.fullname" . }} subjects: - kind: ServiceAccount {{- if .Values.serviceAccount.create }} - name: {{ template "k8skeycloak-controller.fullname" . }} + name: {{ template "keycloak-controller.fullname" . }} {{- else }} name: {{ .Values.serviceAccount.name }} {{- end }} diff --git a/chart/keycloak-controller/templates/serviceaccount-token.yaml b/chart/keycloak-controller/templates/serviceaccount-token.yaml new file mode 100644 index 00000000..4ba81d5b --- /dev/null +++ b/chart/keycloak-controller/templates/serviceaccount-token.yaml @@ -0,0 +1,14 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "keycloak-controller.serviceAccountName" . }} + labels: + app.kubernetes.io/name: {{ include "keycloak-controller.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "keycloak-controller.chart" . }} + annotations: + kubernetes.io/service-account.name: {{ template "keycloak-controller.serviceAccountName" . }} +type: kubernetes.io/service-account-token +{{- end -}} 
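Review bot: The new `serviceaccount-token.yaml` template creates a `kubernetes.io/service-account-token` Secret, which is a long-lived, non-expiring credential for the controller's service account, and it is rendered whenever `.Values.serviceAccount.create` is true. The only consumer visible in this diff is the PodMonitor's `bearerTokenSecret` in `podmonitor.yaml`, so the guard should also require that feature, e.g. `{{- if and .Values.serviceAccount.create <podMonitor enable value> -}}`; the placeholder stands for whatever value gates the PodMonitor, which is outside the visible hunks. Judging by `clusterrolebinding.yaml`, this service account is bound to the chart's ClusterRole, so anyone who can read Secrets in the release namespace would hold those permissions for as long as the Secret exists. Conversely, when `serviceAccount.create` is false the PodMonitor still appears to reference a Secret of this name that the chart no longer renders. A template comment such as `{{/* Static token read by the PodMonitor bearerTokenSecret; not rotated automatically. */}}` would record why the token exists.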
diff --git a/chart/k8skeycloak-controller/templates/serviceaccount.yaml b/chart/keycloak-controller/templates/serviceaccount.yaml similarity index 57% rename from chart/k8skeycloak-controller/templates/serviceaccount.yaml rename to chart/keycloak-controller/templates/serviceaccount.yaml index ca9b3e7a..95f92ed9 100644 --- a/chart/k8skeycloak-controller/templates/serviceaccount.yaml +++ b/chart/keycloak-controller/templates/serviceaccount.yaml @@ -2,12 +2,12 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ template "k8skeycloak-controller.serviceAccountName" . }} + name: {{ template "keycloak-controller.serviceAccountName" . }} labels: - app.kubernetes.io/name: {{ include "k8skeycloak-controller.name" . }} + app.kubernetes.io/name: {{ include "keycloak-controller.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - helm.sh/chart: {{ include "k8skeycloak-controller.chart" . }} + helm.sh/chart: {{ include "keycloak-controller.chart" . }} annotations: {{- toYaml .Values.annotations | nindent 4 }} {{- end -}} diff --git a/chart/k8skeycloak-controller/values.yaml b/chart/keycloak-controller/values.yaml similarity index 97% rename from chart/k8skeycloak-controller/values.yaml rename to chart/keycloak-controller/values.yaml index 027f04e9..356e3b13 100644 --- a/chart/k8skeycloak-controller/values.yaml +++ b/chart/keycloak-controller/values.yaml @@ -8,7 +8,7 @@ fullnameOverride: "" image: pullPolicy: IfNotPresent - repository: ghcr.io/doodlescheduling/k8skeycloak-controller + repository: ghcr.io/doodlescheduling/keycloak-controller imagePullSecrets: [] diff --git a/config/base/components/prometheus/kustomization.yaml b/config/base/components/prometheus/kustomization.yaml index fbfe217f..d581d67c 100644 --- a/config/base/components/prometheus/kustomization.yaml +++ b/config/base/components/prometheus/kustomization.yaml 
@@ -31,7 +31,7 @@ patches: requests: cpu: 5m memory: 64Mi - - name: k8skeycloak-controller + - name: keycloak-controller args: - --enable-leader-election - --metrics-addr=127.0.0.1:9556 diff --git a/config/base/manager/deployment.yaml b/config/base/manager/deployment.yaml index 9bdbcd46..7efcf28c 100644 --- a/config/base/manager/deployment.yaml +++ b/config/base/manager/deployment.yaml @@ -21,8 +21,8 @@ spec: - /manager args: - --enable-leader-election - image: ghcr.io/doodlescheduling/k8skeycloak-controller:latest - name: k8skeycloak-controller + image: ghcr.io/doodlescheduling/keycloak-controller:latest + name: keycloak-controller imagePullPolicy: Never ports: - name: metrics diff --git a/config/base/manager/kustomization.yaml b/config/base/manager/kustomization.yaml index 36999e40..4444c199 100644 --- a/config/base/manager/kustomization.yaml +++ b/config/base/manager/kustomization.yaml @@ -1,9 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namePrefix: k8skeycloak- +namePrefix: keycloak- resources: - deployment.yaml - sa.yaml images: -- name: ghcr.io/doodlescheduling/k8skeycloak-controller +- name: ghcr.io/doodlescheduling/keycloak-controller newTag: v1.0.1 diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 7c102b3e..0064ea3b 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: k8skeycloak-system +namespace: keycloak-system bases: - namespace.yaml - ../base/rbac diff --git a/config/default/namespace.yaml b/config/default/namespace.yaml index f6a133b0..9e733635 100644 --- a/config/default/namespace.yaml +++ b/config/default/namespace.yaml @@ -3,4 +3,4 @@ kind: Namespace metadata: labels: control-plane: controller-manager - name: k8skeycloak-system + name: keycloak-system 
diff --git a/config/tests/base/kustomization.yaml b/config/tests/base/kustomization.yaml index eb17d11a..974071e1 100644 --- a/config/tests/base/kustomization.yaml +++ b/config/tests/base/kustomization.yaml @@ -4,3 +4,4 @@ kind: Kustomization resources: - secret.yaml - keycloakrealm.yaml +- verify-pod.yaml \ No newline at end of file diff --git a/config/tests/base/verify-pod.yaml b/config/tests/base/verify-pod.yaml new file mode 100644 index 00000000..14db20eb --- /dev/null +++ b/config/tests/base/verify-pod.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Pod +metadata: + name: verify + labels: + verify: yes +spec: + restartPolicy: OnFailure + containers: + - image: curlimages/curl:8.1.2 + imagePullPolicy: IfNotPresent + name: verify + args: + - -v + - --fail + - http://keycloakx-http/auth/realms/test/.well-known/openid-configuration + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File diff --git a/config/tests/cases/keycloak-v18/kustomization.yaml b/config/tests/cases/keycloak-v18/kustomization.yaml index a4d45eb6..7d5be379 100644 --- a/config/tests/cases/keycloak-v18/kustomization.yaml +++ b/config/tests/cases/keycloak-v18/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: k8skeycloak-system +namespace: keycloak-system resources: - ../../../default @@ -11,7 +11,7 @@ helmCharts: name: keycloakx version: 2.0.0 releaseName: keycloakx - namespace: k8skeycloak-system + namespace: keycloak-system valuesInline: image: tag: "18.0.2" @@ -35,9 +35,9 @@ helmCharts: -Djgroups.dns.query=keycloakx-headless images: -- name: ghcr.io/doodlescheduling/k8skeycloak-controller +- name: ghcr.io/doodlescheduling/keycloak-controller newTag: latest - newName: k8skeycloak-controller + newName: keycloak-controller patchesStrategicMerge: - | 
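Review bot: In the new `config/tests/base/verify-pod.yaml`, the label `verify: yes` is an unquoted scalar that YAML 1.1 parsers read as boolean true, while Kubernetes label values must be strings. Write it as `verify: "yes"` so the manifest does not depend on which parser the tooling uses. The container image `curlimages/curl:8.1.2` is referenced by a mutable tag; pinning it as `curlimages/curl:8.1.2@sha256:<digest>` (placeholder digest) would keep the test input fixed. The `- verify-pod.yaml` line added to `config/tests/base/kustomization.yaml` also leaves the file without a trailing newline.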
diff --git a/config/tests/cases/keycloak-v20/kustomization.yaml b/config/tests/cases/keycloak-v20/kustomization.yaml index b200a4a7..6eaad964 100644 --- a/config/tests/cases/keycloak-v20/kustomization.yaml +++ b/config/tests/cases/keycloak-v20/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: k8skeycloak-system +namespace: keycloak-system resources: - ../../../default @@ -11,7 +11,7 @@ helmCharts: name: keycloakx version: 2.0.0 releaseName: keycloakx - namespace: k8skeycloak-system + namespace: keycloak-system valuesInline: image: tag: "20.0.1" @@ -33,9 +33,9 @@ helmCharts: -Djgroups.dns.query=keycloakx-headless images: -- name: ghcr.io/doodlescheduling/k8skeycloak-controller +- name: ghcr.io/doodlescheduling/keycloak-controller newTag: latest - newName: k8skeycloak-controller + newName: keycloak-controller patchesStrategicMerge: - | diff --git a/go.mod b/go.mod index 843563e6..197660ba 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/DoodleScheduling/k8skeycloak-controller +module github.com/DoodleScheduling/keycloak-controller go 1.20 diff --git a/internal/controllers/keycloakrealm_controller.go b/internal/controllers/keycloakrealm_controller.go index 95c9576d..a19a1e8a 100644 --- a/internal/controllers/keycloakrealm_controller.go +++ b/internal/controllers/keycloakrealm_controller.go @@ -44,8 +44,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" - infrav1beta1 "github.com/DoodleScheduling/k8skeycloak-controller/api/v1beta1" - "github.com/DoodleScheduling/k8skeycloak-controller/internal/proxy" + infrav1beta1 "github.com/DoodleScheduling/keycloak-controller/api/v1beta1" + "github.com/DoodleScheduling/keycloak-controller/internal/proxy" ) // +kubebuilder:rbac:groups=keycloak.infra.doodle.com,resources=keycloakclients,verbs=get;list;watch;create;update;patch;delete 
diff --git a/internal/controllers/suite_test.go b/internal/controllers/suite_test.go index 782cd66c..a7f707f1 100644 --- a/internal/controllers/suite_test.go +++ b/internal/controllers/suite_test.go @@ -32,7 +32,7 @@ import ( logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/log/zap" - metricsinfradoodlecomv1beta1 "github.com/DoodleScheduling/k8skeycloak-controller/api/v1beta1" + metricsinfradoodlecomv1beta1 "github.com/DoodleScheduling/keycloak-controller/api/v1beta1" //+kubebuilder:scaffold:imports ) diff --git a/internal/otelsetup/options.go b/internal/otelsetup/options.go index 5b61611e..f9ef1134 100644 --- a/internal/otelsetup/options.go +++ b/internal/otelsetup/options.go @@ -47,7 +47,7 @@ func (o *Options) getTLSConfig() (*tls.Config, error) { // BindFlags will parse the given pflag.FlagSet func (o *Options) BindFlags(fs *pflag.FlagSet) { - fs.StringVar(&o.ServiceName, "otel-service-name", "k8skeycloak-controller", "Opentelemetry service name") + fs.StringVar(&o.ServiceName, "otel-service-name", "keycloak-controller", "Opentelemetry service name") fs.StringVar(&o.Endpoint, "otel-endpoint", "", "Opentelemetry gRPC endpoint (without protocol)") fs.BoolVar(&o.Insecure, "otel-insecure", false, "Opentelemetry gRPC disable tls") fs.StringVar(&o.TLSClientKeyPath, "otel-tls-client-key-path", "", "Opentelemetry gRPC mTLS client key path") diff --git a/internal/proxy/proxy.go b/internal/proxy/proxy.go index d9075517..c01a9d73 100644 --- a/internal/proxy/proxy.go +++ b/internal/proxy/proxy.go @@ -15,7 +15,7 @@ import ( "go.opentelemetry.io/otel/attribute" oteltrace "go.opentelemetry.io/otel/trace" - infrav1beta1 "github.com/DoodleScheduling/k8skeycloak-controller/api/v1beta1" + infrav1beta1 "github.com/DoodleScheduling/keycloak-controller/api/v1beta1" ) type proxy struct { 
@@ -55,7 +55,7 @@ func New(realm infrav1beta1.KeycloakRealm, logger logr.Logger, failedRequests ch } go func() { - _ = http.Serve(socket, otelhttp.NewHandler(&proxy, "k8skeycloak-controller")) + _ = http.Serve(socket, otelhttp.NewHandler(&proxy, "keycloak-controller")) }() return socket, nil diff --git a/main.go b/main.go index 3c93a033..e2a4ed40 100644 --- a/main.go +++ b/main.go @@ -22,9 +22,9 @@ import ( "os" "time" - infrav1beta1 "github.com/DoodleScheduling/k8skeycloak-controller/api/v1beta1" - "github.com/DoodleScheduling/k8skeycloak-controller/internal/controllers" - "github.com/DoodleScheduling/k8skeycloak-controller/internal/otelsetup" + infrav1beta1 "github.com/DoodleScheduling/keycloak-controller/api/v1beta1" + "github.com/DoodleScheduling/keycloak-controller/internal/controllers" + "github.com/DoodleScheduling/keycloak-controller/internal/otelsetup" "github.com/fluxcd/pkg/runtime/client" helper "github.com/fluxcd/pkg/runtime/controller" "github.com/fluxcd/pkg/runtime/leaderelection" @@ -41,7 +41,7 @@ import ( // +kubebuilder:scaffold:imports ) -const controllerName = "k8skeycloak-controller" +const controllerName = "keycloak-controller" var ( scheme = runtime.NewScheme()