marko/HelmChartSammlung
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4e662f3b12333d24dae67e8d8157e5c57961c655
HelmChartSammlung/charts/keycloak/templates/service.yaml
Marko Oldenburg ba8d52be03 Add support for automated TLS certificates in Keycloak 
This update introduces significant enhancements to the Keycloak chart,
particularly regarding TLS certificate management. The changes include:

- Added the capability to automatically generate and manage TLS certificates
  using Cert-Manager or Helm, improving the security posture by using
  self-signed certificates in development scenarios.
- Implemented a dedicated ConfigMap to hold keycloak-config-cli
  configurations and ensured that it is integrated with the job for
  configuration synchronization.
- Enhanced the handling of admin ingress settings and TLS secrets,
  facilitating smoother access and management for multi-host deployments.
- Refactored and reorganized sections to improve readability and maintainability
  of templates, ensuring adherence to best practices in Helm charts.

These improvements aim to streamline deployment, enhance security features,
and simplify the management of certificates, facilitating easier
Kubernetes operations for users.
2025-08-31 09:40:48 +02:00

68 lines
3.2 KiB
YAML
Raw Blame History

{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" .) | nindent 4 }}
app.kubernetes.io/component: keycloak
app.kubernetes.io/part-of: keycloak
{{- if or .Values.service.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.service.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" (dict "value" $annotations "context" .) | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if .Values.service.sessionAffinity }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
{{- end }}
{{- if .Values.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" .) | nindent 4 }}
{{- end }}
ports:
{{- if .Values.service.http.enabled }}
- name: http
port: {{ .Values.service.ports.http }}
protocol: TCP
targetPort: http
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }}
nodePort: {{ .Values.service.nodePorts.http }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- end }}
{{- if .Values.tls.enabled }}
- name: https
port: {{ .Values.service.ports.https}}
protocol: TCP
targetPort: https
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https)) }}
nodePort: {{ .Values.service.nodePorts.https }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- end }}
{{- if .Values.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" .) | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.podLabels .Values.commonLabels) "context" .) }}
selector: {{- include "common.labels.matchLabels" (dict "customLabels" $podLabels "context" .) | nindent 4 }}
app.kubernetes.io/component: keycloak
app.kubernetes.io/part-of: keycloak
Reference in New Issue View Git Blame Copy Permalink