diff --git a/automation/dbildungs-iam-keycloak/Chart.yaml b/automation/dbildungs-iam-keycloak/Chart.yaml index 0085db502..8c16e8a33 100644 --- a/automation/dbildungs-iam-keycloak/Chart.yaml +++ b/automation/dbildungs-iam-keycloak/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: SPSH-1324 +appVersion: SPSH-1195 description: A Helm Chart for the dbildungs-iam-keycloak name: dbildungs-iam-keycloak type: application -version: 0.0.0-spsh-1324-20241119-1434 +version: 0.0.0-spsh-1195-20241119-1628 diff --git a/automation/dbildungs-iam-keycloak/dev-realm-spsh.json b/automation/dbildungs-iam-keycloak/dev-realm-spsh.json index 4ec3a287c..28b788289 100644 --- a/automation/dbildungs-iam-keycloak/dev-realm-spsh.json +++ b/automation/dbildungs-iam-keycloak/dev-realm-spsh.json @@ -929,7 +929,7 @@ "description": "", "rootUrl": "${KC_ROOT_URL}", "adminUrl": "", - "baseUrl": "${KC_ROOT_URL}", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -1983,6 +1983,7 @@ "loginTheme": "schulportal", "eventsEnabled": false, "eventsListeners": [ + "metrics-listener", "jboss-logging" ], "enabledEventTypes": [], diff --git a/automation/dbildungs-iam-keycloak/prod-realm-spsh.json b/automation/dbildungs-iam-keycloak/prod-realm-spsh.json index 673a03691..0a875952c 100644 --- a/automation/dbildungs-iam-keycloak/prod-realm-spsh.json +++ b/automation/dbildungs-iam-keycloak/prod-realm-spsh.json @@ -927,7 +927,7 @@ "description": "", "rootUrl": "${KC_ROOT_URL}", "adminUrl": "", - "baseUrl": "${KC_ROOT_URL}", + "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, @@ -1820,6 +1820,7 @@ "loginTheme": "schulportal", "eventsEnabled": false, "eventsListeners": [ + "metrics-listener", "jboss-logging" ], "enabledEventTypes": [], diff --git a/automation/dbildungs-iam-keycloak/templates/configmap.yaml b/automation/dbildungs-iam-keycloak/templates/configmap.yaml index 4fbaf3eb2..d18a72055 100644 --- a/automation/dbildungs-iam-keycloak/templates/configmap.yaml +++ b/automation/dbildungs-iam-keycloak/templates/configmap.yaml @@ -12,4 +12,3 @@ data: KC_PROXY: "edge" KEYCLOAK_ADMIN: admin KC_HTTP_MANAGEMENT_PORT: "8090" - STATUS_URL: "{{ .Values.status.url }}" \ No newline at end of file diff --git a/automation/dbildungs-iam-keycloak/templates/deployment.yaml b/automation/dbildungs-iam-keycloak/templates/deployment.yaml index 50d66b5f6..14d5ad4b2 100644 --- a/automation/dbildungs-iam-keycloak/templates/deployment.yaml +++ b/automation/dbildungs-iam-keycloak/templates/deployment.yaml @@ -10,9 +10,7 @@ spec: matchLabels: app.kubernetes.io/name: {{ template "common.names.name" . }} app.kubernetes.io/component: keycloak - {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} - {{- end }} template: metadata: labels: @@ -30,9 +28,8 @@ spec: {{- toYaml .command | nindent 16 }} {{- end }} args: - # - "--cache" - # - "local" - - "--optimized" + - "--cache" + - "local" - "--hostname" - "{{ tpl .Values.keycloakHostname . }}" - "--import-realm" @@ -48,8 +45,6 @@ spec: livenessProbe: {{- omit .Values.livenessProbe "enabled" | toYaml | nindent 12 }} readinessProbe: {{- omit .Values.readinessProbe "enabled" | toYaml | nindent 12 }} env: - - name: JAVA_OPTS_APPEND - value: "-Djgroups.dns.query={{ template "common.names.name" . }}-headless.{{ template "common.names.namespace" . }}.svc.cluster.local" - name: KEYCLOAK_ADMIN_PASSWORD valueFrom: secretKeyRef: diff --git a/automation/dbildungs-iam-keycloak/templates/headless-service.yaml b/automation/dbildungs-iam-keycloak/templates/headless-service.yaml deleted file mode 100644 index 210a79b71..000000000 --- a/automation/dbildungs-iam-keycloak/templates/headless-service.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.name" . }}-headless - namespace: {{ template "common.names.namespace" . }} - labels: - {{- include "common.labels" . | nindent 4 }} -spec: - selector: - app.kubernetes.io/name: {{ template "common.names.name" . }} - app.kubernetes.io/component: keycloak - type: {{ .Values.service.type }} - clusterIP: "None" - ports: - {{- if .Values.service.http.enabled }} - - name: http - port: {{ .Values.service.ports.http }} - targetPort: web - {{- end }} - - port: 8090 - targetPort: 8090 - protocol: TCP - name: mgmt \ No newline at end of file diff --git a/automation/dbildungs-iam-keycloak/templates/hpa.yaml b/automation/dbildungs-iam-keycloak/templates/hpa.yaml deleted file mode 100644 index 47d4bb9a3..000000000 --- a/automation/dbildungs-iam-keycloak/templates/hpa.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "common.names.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "common.names.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "common.names.name" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} -{{- end }} \ No newline at end of file diff --git a/automation/dbildungs-iam-keycloak/templates/keycloak-servicemonitor.yaml b/automation/dbildungs-iam-keycloak/templates/keycloak-servicemonitor.yaml new file mode 100644 index 000000000..85a83f34d --- /dev/null +++ b/automation/dbildungs-iam-keycloak/templates/keycloak-servicemonitor.yaml @@ -0,0 +1,21 @@ +{{- if .Values.keycloak.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "common.names.name" . }} + namespace: {{ template "common.names.namespace" . }} + labels: + {{- include "common.labels" . | nindent 4 }} + app.kubernetes.io/component: keycloak +spec: + namespaceSelector: + matchNames: + - {{ include "common.names.namespace" . | quote }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "common.names.name" . }} + endpoints: + - port: {{ .Values.keycloak.serviceMonitor.port }} + path: {{ .Values.keycloak.serviceMonitor.path }} + interval: {{ .Values.keycloak.serviceMonitor.interval | default "30s" }} +{{- end }} diff --git a/automation/dbildungs-iam-keycloak/values.yaml b/automation/dbildungs-iam-keycloak/values.yaml index 86072ca7b..300c50122 100644 --- a/automation/dbildungs-iam-keycloak/values.yaml +++ b/automation/dbildungs-iam-keycloak/values.yaml @@ -6,7 +6,7 @@ replicaCount: 1 image: repository: ghcr.io/dbildungsplattform/dbildungs-iam-keycloak tag: "" - pullPolicy: Always + pullPolicy: Always auth: # existingSecret: Refers to a secret already present in the cluster, which is required for the authentication and configuration of the database setup tasks. @@ -38,7 +38,7 @@ database: password: "" username: "dbildungs_iam_keycloak" -realm: +realm: name: dbilduns-iam-keycloak-realm filepath: "dev-realm-spsh.json" @@ -110,11 +110,9 @@ service: ports: http: 80 -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 60 - -status: - url: "https://status.dev.spsh.dbildungsplattform.de/" +keycloak: + serviceMonitor: + enabled: true + path: "/realms/SPSH/metrics" + endpoints: + - port: 'http' \ No newline at end of file