Posted to commits@datalab.apache.org by my...@apache.org on 2020/11/19 09:24:36 UTC
[incubator-datalab] 01/02: [DLAB-2102]: keycloak test
This is an automated email from the ASF dual-hosted git repository.
mykolabodnar pushed a commit to branch DATALAB-2102
in repository https://gitbox.apache.org/repos/asf/incubator-datalab.git
commit f62198601546861e90551159eec0e6692e2b3a44
Author: bodnarmykola <bo...@gmail.com>
AuthorDate: Thu Nov 19 11:22:29 2020 +0200
[DLAB-2102]: keycloak test
---
.../modules/helm_charts/keycloak-chart/Chart.yaml | 22 --
.../keycloak-chart/ci/postgres-ha-values.yaml | 34 ++
.../helm_charts/keycloak-chart/requirements.lock | 6 +
.../helm_charts/keycloak-chart/requirements.yaml | 5 +
.../keycloak-chart/scripts/datasource.cli | 8 +
.../helm_charts/keycloak-chart/scripts/ha.cli | 9 +
.../helm_charts/keycloak-chart/scripts/logging.cli | 11 +
.../keycloak-chart/scripts/node-identifier.cli | 3 +
.../templates/test/configmap-test.yaml | 54 +++
.../keycloak-chart/templates/test/pod-test.yaml | 39 +++
.../modules/helm_charts/keycloak-chart/values.yaml | 382 +++++++++++++++++++++
11 files changed, 551 insertions(+), 22 deletions(-)
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/Chart.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/Chart.yaml
deleted file mode 100644
index 3c4d444..0000000
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/Chart.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-name: keycloak
-version: 7.0.0
-appVersion: 8.0.1
-description: Open Source Identity and Access Management For Modern Applications and Services
-keywords:
- - sso
- - idm
- - openid connect
- - saml
- - kerberos
- - ldap
-home: https://www.keycloak.org/
-icon: https://www.keycloak.org/resources/images/keycloak_logo_480x108.png
-sources:
- - https://github.com/codecentric/helm-charts
- - https://github.com/jboss-dockerfiles/keycloak
-maintainers:
- - name: unguiculus
- email: unguiculus@gmail.com
- - name: thomasdarimont
- email: thomas.darimont+github@gmail.com
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/ci/postgres-ha-values.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/ci/postgres-ha-values.yaml
new file mode 100644
index 0000000..fa51ede
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/ci/postgres-ha-values.yaml
@@ -0,0 +1,34 @@
+keycloak:
+ replicas: 2
+ password: keycloak
+
+ podLabels:
+ test-label: test-label-value
+ podAnnotations:
+ test-annotation: "test-annotation-value-{{ .Release.Name }}"
+ test-int-annotation: "12345"
+
+ startupScripts:
+ hello.sh: |
+ #!/bin/sh
+
+ echo '********************************************************************************'
+ echo '* *'
+ echo '* Hello from my startup script! *'
+ echo '* *'
+ echo '********************************************************************************'
+
+ lifecycleHooks: |
+ postStart:
+ exec:
+ command: ["/bin/sh", "-c", "echo 'Hello from lifecycle hook!'"]
+
+ persistence:
+ deployPostgres: true
+ dbVendor: postgres
+
+postgresql:
+ postgresqlPassword: keycloak
+ persistence:
+ enabled: true
+ storageClass: local-path
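Review bot: `password: keycloak` and `postgresqlPassword: keycloak` are fixed, guessable credentials, and nothing in the file marks it as a test fixture. Since the rest of the chart in this commit is wired to Terraform-supplied values and MySQL, a reader could mistake this for a usable HA preset. I would add a header comment such as `# CI-only values for chart testing; credentials here are throwaway and must never be used for a real deployment`. The `storageClass: local-path` line would also benefit from a short comment saying which test cluster it assumes.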
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/requirements.lock b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/requirements.lock
new file mode 100644
index 0000000..b8c2e86
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/requirements.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+ repository: https://kubernetes-charts.storage.googleapis.com/
+ version: 6.3.13
+digest: sha256:4bb0449bc5cb166117da05155a863a386fc6b04cea6428f2781d675711ea40a4
+generated: "2019-10-12T21:45:14.112985+02:00"
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/requirements.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/requirements.yaml
new file mode 100644
index 0000000..fa6849b
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/requirements.yaml
@@ -0,0 +1,5 @@
+dependencies:
+ - name: postgresql
+ version: 6.3.13
+ repository: https://kubernetes-charts.storage.googleapis.com/
+ condition: keycloak.persistence.deployPostgres
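Review bot: The `condition: keycloak.persistence.deployPostgres` line refers to a key that the values.yaml added in this same commit does not define (its `persistence` block only sets the MySQL fields), and Helm treats a missing condition path as "enabled". The postgresql subchart would then be installed next to the MySQL-backed Keycloak, so set `deployPostgres: false` explicitly in values.yaml if PostgreSQL is not wanted. Separately, `repository: https://kubernetes-charts.storage.googleapis.com/` is the old stable repository that the Helm project retired in favour of `https://charts.helm.sh/stable`; dependency resolution against it may fail, and requirements.lock would need regenerating after the change. This commit also deletes the chart's Chart.yaml, so unless the second commit of the series restores it, Helm has no chart metadata to load this file against.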
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/scripts/datasource.cli b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/scripts/datasource.cli
new file mode 100644
index 0000000..4499967
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/scripts/datasource.cli
@@ -0,0 +1,8 @@
+# Configure datasource to use explicit query timeout in seconds
+/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=query-timeout,value=${env.DB_QUERY_TIMEOUT:300})
+
+# Configure datasource to connection before use
+/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=validate-on-match,value=${env.DB_VALIDATE_ON_MATCH:true})
+
+# Configure datasource to try all other connections before failing
+/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=use-fast-fail,value=${env.DB_USE_CAST_FAIL:false})
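Review bot: The last line reads `${env.DB_USE_CAST_FAIL:false}` while the attribute it sets is `use-fast-fail`, so the variable name looks like a typo that operators will have to reproduce exactly for the override to take effect. If it is renamed to `DB_USE_FAST_FAIL`, the commented example in values.yaml must change with it. The comment on the second setting is also missing a word and should read `# Configure datasource to validate connection before use`.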
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/scripts/ha.cli b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/scripts/ha.cli
new file mode 100644
index 0000000..4e8a8de
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/scripts/ha.cli
@@ -0,0 +1,9 @@
+/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
+/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
+/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
+/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
+/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
+/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
+/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
+
+/subsystem=jgroups/channel=ee:write-attribute(name=stack, value=tcp)
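Review bot: The final line switches the `ee` channel to the `tcp` stack, which as far as I know carries no authentication or encryption of cluster traffic in its default form, and the seven caches above replicate session, action-token and login-failure state over it. Nothing in this hunk restricts which peers may reach the jGroups port (7600 in values.yaml), so it is worth confirming that a NetworkPolicy or equivalent limits that port to the Keycloak pods. A short header comment would also help, for example `# Cache owners default to 2; set CACHE_OWNERS to match the replica count so session data survives a pod loss`.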
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/scripts/logging.cli b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/scripts/logging.cli
new file mode 100644
index 0000000..27647ea
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/scripts/logging.cli
@@ -0,0 +1,11 @@
+# Allow log level to be configured via environment variable
+/subsystem=logging/console-handler=CONSOLE:write-attribute(name=level, value=${env.WILDFLY_LOGLEVEL:INFO})
+/subsystem=logging/root-logger=ROOT:write-attribute(name=level, value=${env.WILDFLY_LOGLEVEL:INFO})
+
+# Add dedicated eventsListener config element to allow configuring elements.
+/subsystem=keycloak-server/spi=eventsListener:add()
+/subsystem=keycloak-server/spi=eventsListener/provider=jboss-logging:add(enabled=true)
+
+# Propagate success events to INFO instead of DEBUG, to expose successful logins for log analysis
+/subsystem=keycloak-server/spi=eventsListener/provider=jboss-logging:write-attribute(name=properties.success-level,value=info)
+/subsystem=keycloak-server/spi=eventsListener/provider=jboss-logging:write-attribute(name=properties.error-level,value=warn)
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/scripts/node-identifier.cli b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/scripts/node-identifier.cli
new file mode 100644
index 0000000..de0f950
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/scripts/node-identifier.cli
@@ -0,0 +1,3 @@
+## Sets the node identifier to the node name (= pod name). Node identifiers have to be unique. They can have a
+## maximum length of 23 characters. Thus, the chart's fullname template truncates its length accordingly.
+/subsystem=transactions:write-attribute(name=node-identifier, value=${jboss.node.name})
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/templates/test/configmap-test.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/templates/test/configmap-test.yaml
new file mode 100644
index 0000000..18bd617
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/templates/test/configmap-test.yaml
@@ -0,0 +1,54 @@
+{{- if .Values.test.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "keycloak.fullname" . }}-test
+ labels:
+ {{- include "keycloak.commonLabels" . | nindent 4 }}
+data:
+ test.py: |
+ import os
+ from selenium import webdriver
+ from selenium.webdriver.common.by import By
+ from selenium.webdriver.support.ui import WebDriverWait
+ from selenium.webdriver.support import expected_conditions
+ from urllib.parse import urlparse
+
+ print('Creating PhantomJS driver...')
+ driver = webdriver.PhantomJS(service_log_path='/tmp/ghostdriver.log')
+
+ base_url = 'http://{{ include "keycloak.fullname" . }}-http{{ if ne 80 (int .Values.keycloak.service.httpPort) }}:{{ .Values.keycloak.service.httpPort }}{{ end }}'
+
+ print('Opening Keycloak...')
+ driver.get('{0}/auth/admin/'.format(base_url))
+
+ username = os.environ['KEYCLOAK_USER']
+ password = os.environ['KEYCLOAK_PASSWORD']
+
+ username_input = WebDriverWait(driver, 30).until(expected_conditions.presence_of_element_located((By.ID, "username")))
+ password_input = WebDriverWait(driver, 30).until(expected_conditions.presence_of_element_located((By.ID, "password")))
+ login_button = WebDriverWait(driver, 30).until(expected_conditions.presence_of_element_located((By.ID, "kc-login")))
+
+ print('Entering username...')
+ username_input.send_keys(username)
+
+ print('Entering password...')
+ password_input.send_keys(password)
+
+ print('Clicking login button...')
+ login_button.click()
+
+ current_url = urlparse(driver.current_url)
+ expected_url = urlparse('{0}/auth/admin/master/console/'.format(base_url))
+
+ print('Current URL: {0}'.format(current_url))
+ print('Expected URL: {0}'.format(expected_url))
+
+ if current_url.path != expected_url.path:
+ print('Login failed. Current url is not expected url')
+ exit(1)
+
+ print('URLs match. Login successful.')
+
+ driver.quit()
+{{- end }}
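Review bot: In the embedded test.py, `driver.current_url` is read immediately after `login_button.click()` with no wait, so the path comparison can run before the redirect to the admin console has finished and report a failed login that actually succeeded. Waiting first, e.g. `WebDriverWait(driver, 30).until(expected_conditions.url_contains('/admin/master/console'))`, makes the result deterministic. The script also hard-codes `/auth/admin/` although values.yaml exposes `keycloak.basepath`, so the test breaks for any non-default base path; the URL should be built from that value the way the probes do. Finally, the `exit(1)` branch skips `driver.quit()`, and the admin password is submitted over the plain `http://` service URL, which deserves a comment stating that this is in-cluster traffic only.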
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/templates/test/pod-test.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/templates/test/pod-test.yaml
new file mode 100644
index 0000000..73d171d
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/templates/test/pod-test.yaml
@@ -0,0 +1,39 @@
+{{- if .Values.test.enabled }}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "keycloak.fullname" . }}-test-{{ randAlphaNum 5 | lower }}"
+ labels:
+ {{- include "keycloak.commonLabels" . | nindent 4 }}
+ role: test
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ securityContext:
+ {{- toYaml .Values.test.securityContext | nindent 4 }}
+ containers:
+ - name: {{ .Chart.Name }}-test
+ image: "{{ .Values.test.image.repository }}:{{ .Values.test.image.tag }}"
+ imagePullPolicy: {{ .Values.test.image.pullPolicy }}
+ securityContext:
+ {{- toYaml .Values.test.containerSecurityContext | nindent 8 }}
+ command:
+ - python3
+ - /tests/test.py
+ env:
+ - name: KEYCLOAK_USER
+ value: {{ .Values.keycloak.username }}
+ - name: KEYCLOAK_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "keycloak.secret" . }}
+ key: {{ include "keycloak.passwordKey" . }}
+ volumeMounts:
+ - name: tests
+ mountPath: /tests
+ volumes:
+ - name: tests
+ configMap:
+ name: {{ include "keycloak.fullname" . }}-test
+ restartPolicy: Never
+{{- end }}
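Review bot: `value: {{ .Values.keycloak.username }}` is rendered unquoted, and in this repository the username comes from the Terraform placeholder `${keycloak_user}`, so a value that is numeric, boolean-looking or contains YAML specials yields an invalid or mistyped env entry; use `value: {{ .Values.keycloak.username | quote }}`. The pod is also handed the initial admin password through `secretKeyRef`, while the image it runs comes from `.Values.test.image` (a third-party repository with tag `v1` in values.yaml), so the image should be pinned by digest or the test disabled by default. There is no `helm.sh/hook-delete-policy` annotation, and with the `randAlphaNum` suffix each test run leaves another completed pod behind. Note that `"helm.sh/hook": test-success` is the Helm 2 spelling; Helm 3 prefers `test`.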
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/values.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/values.yaml
new file mode 100644
index 0000000..cbe22bb
--- /dev/null
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak-chart/values.yaml
@@ -0,0 +1,382 @@
+init:
+ image:
+ repository: busybox
+ tag: 1.31
+ pullPolicy: IfNotPresent
+ resources: {}
+ # limits:
+ # cpu: "10m"
+ # memory: "32Mi"
+ # requests:
+ # cpu: "10m"
+ # memory: "32Mi"
+
+clusterDomain: cluster.local
+
+## Optionally override the fully qualified name
+# fullnameOverride: keycloak
+
+## Optionally override the name
+# nameOverride: keycloak
+
+keycloak:
+ replicas: 1
+
+ image:
+ repository: jboss/keycloak
+ tag: 8.0.1
+ pullPolicy: IfNotPresent
+
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ pullSecrets: []
+ # - myRegistrKeySecretName
+
+ hostAliases: []
+ # - ip: "1.2.3.4"
+ # hostnames:
+ # - "my.host.com"
+
+ enableServiceLinks: false
+
+ restartPolicy: Always
+
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+ securityContext:
+ fsGroup: 1000
+
+ containerSecurityContext:
+ runAsUser: 1000
+ runAsNonRoot: true
+
+ ## The path keycloak will be served from. To serve keycloak from the root path, use two quotes (e.g. "").
+ basepath: auth
+
+ ## Additional init containers, e. g. for providing custom themes
+ extraInitContainers: |
+
+ ## Additional sidecar containers, e. g. for a database proxy, such as Google's cloudsql-proxy
+ extraContainers: |
+
+ ## lifecycleHooks defines the container lifecycle hooks
+ lifecycleHooks: |
+ # postStart:
+ # exec:
+ # command: ["/bin/sh", "-c", "ls"]
+
+ ## Additional arguments to start command e.g. -Dkeycloak.import= to load a realm
+ extraArgs: ""
+
+ ## Username for the initial Keycloak admin user
+ username: ${keycloak_user}
+
+ ## Password for the initial Keycloak admin user. Applicable only if existingSecret is not set.
+ ## If not set, a random 10 characters password will be used
+ password: "${keycloak_password}"
+
+ # Specifies an existing secret to be used for the admin password
+ existingSecret: ""
+
+ # The key in the existing secret that stores the password
+ existingSecretKey: password
+
+ ## jGroups configuration (only for HA deployment)
+ jgroups:
+ discoveryProtocol: dns.DNS_PING
+ discoveryProperties: >
+ "dns_query={{ template "keycloak.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
+
+ ## Allows the specification of additional environment variables for Keycloak
+ extraEnv: |
+ - name: PROXY_ADDRESS_FORWARDING
+ value: "true"
+ # - name: KEYCLOAK_LOGLEVEL
+ # value: DEBUG
+ # - name: WILDFLY_LOGLEVEL
+ # value: DEBUG
+ # - name: CACHE_OWNERS
+ # value: "2"
+ # - name: DB_QUERY_TIMEOUT
+ # value: "60"
+ # - name: DB_VALIDATE_ON_MATCH
+ # value: true
+ # - name: DB_USE_CAST_FAIL
+ # value: false
+
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ {{- include "keycloak.selectorLabels" . | nindent 10 }}
+ matchExpressions:
+ - key: role
+ operator: NotIn
+ values:
+ - test
+ topologyKey: kubernetes.io/hostname
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ {{- include "keycloak.selectorLabels" . | nindent 12 }}
+ matchExpressions:
+ - key: role
+ operator: NotIn
+ values:
+ - test
+ topologyKey: failure-domain.beta.kubernetes.io/zone
+
+ nodeSelector: {}
+ priorityClassName: ""
+ tolerations: []
+
+ ## Additional pod labels
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ podLabels: {}
+
+ ## Extra Annotations to be added to pod
+ podAnnotations: {}
+
+ livenessProbe: |
+ httpGet:
+ path: {{ if ne .Values.keycloak.basepath "" }}/{{ .Values.keycloak.basepath }}{{ end }}/
+ port: http
+ initialDelaySeconds: 300
+ timeoutSeconds: 5
+ readinessProbe: |
+ httpGet:
+ path: {{ if ne .Values.keycloak.basepath "" }}/{{ .Values.keycloak.basepath }}{{ end }}/realms/master
+ port: http
+ initialDelaySeconds: 30
+ timeoutSeconds: 1
+
+ resources: {}
+ # limits:
+ # cpu: "100m"
+ # memory: "1024Mi"
+ # requests:
+ # cpu: "100m"
+ # memory: "1024Mi"
+
+ ## WildFly CLI configurations. They all end up in the file 'keycloak.cli' configured in the configmap which is
+ ## executed on server startup.
+ cli:
+ enabled: true
+ nodeIdentifier: |
+ {{ .Files.Get "scripts/node-identifier.cli" }}
+
+ logging: |
+ {{ .Files.Get "scripts/logging.cli" }}
+
+ ha: |
+ {{ .Files.Get "scripts/ha.cli" }}
+
+ datasource: |
+ {{ .Files.Get "scripts/datasource.cli" }}
+
+ # Custom CLI script
+ custom: |
+
+ ## Custom startup scripts to run before Keycloak starts up
+ startupScripts: {}
+ # mystartup.sh: |
+ # #!/bin/sh
+ #
+ # echo 'Hello from my custom startup script!'
+
+ ## Add additional volumes and mounts, e. g. for custom themes
+ extraVolumes: |
+ extraVolumeMounts: |
+
+ ## Add additional ports, eg. for custom admin console
+ extraPorts: |
+
+ podDisruptionBudget: {}
+ # maxUnavailable: 1
+ # minAvailable: 1
+
+ service:
+ annotations: {}
+ # service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0"
+
+ labels: {}
+ # key: value
+
+ ## ServiceType
+ ## ref: https://kubernetes.io/docs/user-guide/services/#publishing-services---service-types
+ type: ClusterIP
+
+ ## Optional static port assignment for service type NodePort.
+ # nodePort: 30000
+
+ httpPort: 80
+ httpNodePort: ""
+
+ httpsPort: 8443
+ httpsNodePort: ""
+
+ # Optional: jGroups port for high availability clustering
+ jgroupsPort: 7600
+
+ ## Ingress configuration.
+ ## ref: https://kubernetes.io/docs/user-guide/ingress/
+ ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/rewrite-target: /auth
+ path: /auth
+ hosts:
+ - ${ssn_k8s_alb_dns_name}
+ tls:
+ - hosts:
+ - ${ssn_k8s_alb_dns_name}
+ secretName: datalab-ui-tls
+
+ ## OpenShift route configuration.
+ ## ref: https://docs.openshift.com/container-platform/3.11/architecture/networking/routes.html
+ route:
+ enabled: false
+ path: /
+
+ annotations: {}
+ # kubernetes.io/tls-acme: "true"
+ # haproxy.router.openshift.io/disable_cookies: "true"
+ # haproxy.router.openshift.io/balance: roundrobin
+
+ labels: {}
+ # key: value
+
+ # Host name for the route
+ host:
+
+ # TLS configuration
+ tls:
+ enabled: true
+ insecureEdgeTerminationPolicy: Redirect
+ termination: edge
+
+ ## Persistence configuration
+ persistence:
+ dbVendor: mysql
+ dbName: ${mysql_db_name}
+ dbHost: keycloak-mysql
+ dbPort: 3306
+ dbUser: ${mysql_user}
+ dbPassword: "${mysql_user_password}"
+
+ startupScripts:
+ mystartup.sh: |
+ ${configure_keycloak_file}
+ extraInitContainers: |
+ - name: theme-provider
+ image: epamdatalab/ui-theme:0.1
+ imagePullPolicy: Always
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "Copying theme..."
+ cp -R /datalab/* /theme
+ volumeMounts:
+ - name: theme
+ mountPath: /theme
+ extraVolumeMounts: |
+ - name: theme
+ mountPath: /opt/jboss/keycloak/themes/datalab
+ extraVolumes: |
+ - name: theme
+ emptyDir: {}
+
+postgresql:
+ ### PostgreSQL User to create.
+ ##
+ postgresqlUsername: keycloak
+
+ ## PostgreSQL Password for the new user.
+ ## If not set, a random 10 characters password will be used.
+ ##
+ postgresqlPassword: ""
+
+ ## PostgreSQL Database to create.
+ ##
+ postgresqlDatabase: keycloak
+
+ ## Persistent Volume Storage configuration.
+ ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes
+ ##
+ persistence:
+ ## Enable PostgreSQL persistence using Persistent Volume Claims.
+ ##
+ enabled: false
+
+test:
+ enabled: true
+ image:
+ repository: unguiculus/docker-python3-phantomjs-selenium
+ tag: v1
+ pullPolicy: IfNotPresent
+ securityContext:
+ fsGroup: 1000
+ containerSecurityContext:
+ runAsUser: 1000
+ runAsNonRoot: true
+
+prometheus:
+ operator:
+ ## Are you using Prometheus Operator?
+ enabled: false
+
+ serviceMonitor:
+ ## Additional labels to add to the ServiceMonitor so it is picked up by the operator.
+ ## If using the [Helm Chart](https://github.com/helm/charts/tree/master/stable/prometheus-operator) this is the name of the Helm release.
+ selector:
+ release: prometheus
+
+ ## Interval at which Prometheus scrapes metrics
+ interval: 10s
+
+ ## Timeout at which Prometheus timeouts scrape run
+ scrapeTimeout: 10s
+
+ ## The path to scrape
+ path: /auth/realms/master/metrics
+
+ prometheusRules:
+ ## Add Prometheus Rules?
+ enabled: false
+
+ ## Additional labels to add to the PrometheusRule so it is picked up by the operator.
+ ## If using the [Helm Chart](https://github.com/helm/charts/tree/master/stable/prometheus-operator) this is the name of the Helm release and 'app: prometheus-operator'
+ selector:
+ app: prometheus-operator
+ release: prometheus
+
+ ## Some example rules.
+ rules: {}
+ # - alert: keycloak-IngressHigh5xxRate
+ # annotations:
+ # message: The percentage of 5xx errors for keycloak over the last 5 minutes is over 1%.
+ # expr: (sum(rate(nginx_ingress_controller_response_duration_seconds_count{exported_namespace="mynamespace",ingress="mynamespace-keycloak",status=~"5[0-9]{2}"}[1m]))/sum(rate(nginx_ingress_controller_response_duration_seconds_count{exported_namespace="mynamespace",ingress="mynamespace-keycloak"}[1m])))*100 > 1
+ # for: 5m
+ # labels:
+ # severity: warning
+ # - alert: keycloak-IngressHigh5xxRate
+ # annotations:
+ # message: The percentage of 5xx errors for keycloak over the last 5 minutes is over 5%.
+ # expr: (sum(rate(nginx_ingress_controller_response_duration_seconds_count{exported_namespace="mynamespace",ingress="mynamespace-keycloak",status=~"5[0-9]{2}"}[1m]))/sum(rate(nginx_ingress_controller_response_duration_seconds_count{exported_namespace="mynamespace",ingress="mynamespace-keycloak"}[1m])))*100 > 5
+ # for: 5m
+ # labels:
+ # severity: critical
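Review bot: `password: "${keycloak_password}"` and `dbPassword: "${mysql_user_password}"` have Terraform write the admin and database passwords in plaintext into the rendered values, where they end up in the Helm release data and most likely the Terraform state. A password containing `"` or `\` would additionally break the double-quoted scalar. The chart already offers `existingSecret` / `existingSecretKey` for the admin password, and pointing those at a pre-created Secret keeps the credential out of the values file. `test.enabled: true` is on by default, so every install can run the third-party `unguiculus/docker-python3-phantomjs-selenium:v1` image with the admin password; I would default it to `false`. Indentation is flattened in this view, but `startupScripts`, `extraInitContainers`, `extraVolumes` and `extraVolumeMounts` each appear twice, apparently under `keycloak:`; most parsers silently keep the last one, so the earlier empty definitions should be removed.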