From 3ba1ba12aa16afd8dbaaa19cfe9ebcf5ae29a326 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Sat, 14 Mar 2026 18:56:50 +0100 Subject: [PATCH] fix(keycloak): Use theme from gitea --- values/keycloak/README.md | 3 +- values/keycloak/manifests/keycloak.yaml | 2 - values/keycloak/values/values-prod.yaml | 31 +------------ values/keycloak/values/values-staging.yaml | 52 ---------------------- values/keycloak/values/values.yaml | 31 +++++++++++++ 5 files changed, 35 insertions(+), 84 deletions(-) create mode 100644 values/keycloak/values/values.yaml diff --git a/values/keycloak/README.md b/values/keycloak/README.md index b9eeab9f..d747e4a2 100644 --- a/values/keycloak/README.md +++ b/values/keycloak/README.md @@ -8,6 +8,7 @@ kubectl cp -n keycloak oceanbox-realm.json prod-keycloak-0:/tmp/backup/oceanbox- kubectl cp -n keycloak oceanbox-users-0.json prod-keycloak-0:/tmp/backup/oceanbox-users-0.json kc.sh -Djgroups.bind.port=7801 import --dir /tmp/backup ``` + ## Theme -Our keycloak theme is inserted using the image provided [here](https://gitlab.com/oceanbox/keycloak-theme) +The keycloak theme is maintained at [git.oceanbox.io/platform/keycloak-theme](https://git.oceanbox.io/platform/keycloak-theme) and is deployed via an init container using the `git.oceanbox.io/platform/keycloak-theme` image. diff --git a/values/keycloak/manifests/keycloak.yaml b/values/keycloak/manifests/keycloak.yaml index c0c05048..25158c11 100644 --- a/values/keycloak/manifests/keycloak.yaml +++ b/values/keycloak/manifests/keycloak.yaml @@ -33,10 +33,8 @@ spec: syncOptions: - CreateNamespace=true - ApplyOutOfSyncOnly=true - # - ServerSideApply=true {{- if .Values.keycloak.autosync }} automated: prune: true - # selfHeal: false {{- end }} {{- end }} diff --git a/values/keycloak/values/values-prod.yaml b/values/keycloak/values/values-prod.yaml index 9af25445..ddef38bc 100644 --- a/values/keycloak/values/values-prod.yaml +++ b/values/keycloak/values/values-prod.yaml 
@@ -1,22 +1,9 @@ replicaCount: 2 -# NOTE(mrtz): Hack for working with bitnami legacy registry -global: - security: - allowInsecureImages: true -image: - repository: bitnamilegacy/keycloak - -production: true - -proxy: edge - auth: adminPassword: en to tre fire - adminUser: admin existingSecret: "" managementPassword: "" - managementUser: manager postgresql: enabled: false @@ -48,23 +35,9 @@ extraVolumes: name: theme ingress: - annotations: - cert-manager.io/cluster-issuer: letsencrypt-production - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/backend-protocol: HTTP - nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - nginx.ingress.kubernetes.io/ssl-redirect: "true" - enabled: true hostname: auth.oceanbox.io - ingressClassName: nginx - path: / - pathType: ImplementationSpecific - selfSigned: false - servicePort: http - tls: true adminIngress: - enabled: false annotations: cert-manager.io/cluster-issuer: letsencrypt-production nginx.ingress.kubernetes.io/enable-cors: "true" @@ -93,8 +66,8 @@ keycloakConfigCli: initContainers: | - name: keycloak-theme-provider - image: docker.io/juselius/oceanbox-theme:1.2 - imagePullPolicy: Always + image: git.oceanbox.io/platform/keycloak-theme:latest + imagePullPolicy: IfNotPresent command: - sh args: diff --git a/values/keycloak/values/values-staging.yaml b/values/keycloak/values/values-staging.yaml index 722fea36..28955673 100644 --- a/values/keycloak/values/values-staging.yaml +++ b/values/keycloak/values/values-staging.yaml @@ -1,22 +1,7 @@ replicaCount: 1 -# NOTE(mrtz): Hack for working with bitnami legacy registry -global: - security: - allowInsecureImages: true -image: - repository: bitnamilegacy/keycloak - -production: true - -proxy: edge - auth: adminPassword: en to tre fire - adminUser: admin - existingSecret: "" - managementPassword: "" - managementUser: manager postgresql: enabled: true 
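Review bot: The `auth` block in this hunk keeps the production `adminPassword` as a literal value next to `existingSecret: ""`, so the Keycloak admin credential stays readable to anyone who can read the repository or its history. The first values-staging.yaml hunk keeps the same literal and also drops the `existingSecret` key, and the context lines of the second staging hunk show `postgresPassword` and `password` as literals as well. I would point the chart at a Kubernetes Secret instead, e.g. `existingSecret: <admin-secret-name>` (placeholder), and delete the literals. The passwords should also be rotated, since the values are already committed.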
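Review bot: The theme init container in the `@@ -93,8 +66,8 @@` hunk is now pulled as `git.oceanbox.io/platform/keycloak-theme:latest` with `imagePullPolicy: IfNotPresent`, which swaps a fixed `1.2` tag for a mutable one and lets each node keep whichever `latest` it cached first. With `replicaCount: 2` the two pods can end up serving different theme builds. Because the theme provides pages of the identity provider, an unreviewed or tampered push to `latest` would reach production without any change in this repository. I would pin a released tag and digest, e.g. `image: git.oceanbox.io/platform/keycloak-theme:<version>@sha256:<digest>` (placeholders), and keep `IfNotPresent` only once the reference is immutable. If the registry requires authentication, the pod will also need a pull secret, which this hunk does not show.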
@@ -24,32 +9,10 @@ postgresql: postgresPassword: "avatar mustiness economic" password: "punctured abstain facility" -extraVolumeMounts: -- mountPath: /opt/bitnami/keycloak/themes/oceanbox - name: theme - -extraVolumes: -- emptyDir: {} - name: theme - ingress: - annotations: - cert-manager.io/cluster-issuer: letsencrypt-production - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/backend-protocol: HTTP - nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - nginx.ingress.kubernetes.io/ssl-redirect: "true" - enabled: true hostname: auth.srv.oceanbox.io - ingressClassName: nginx - path: / - pathType: ImplementationSpecific - selfSigned: false - servicePort: http - tls: true adminIngress: - enabled: false annotations: cert-manager.io/cluster-issuer: letsencrypt-production nginx.ingress.kubernetes.io/enable-cors: "true" @@ -64,18 +27,3 @@ adminIngress: selfSigned: false servicePort: http tls: true - -initContainers: | - - name: keycloak-theme-provider - image: docker.io/juselius/oceanbox-theme:1.2 - imagePullPolicy: Always - command: - - sh - args: - - -c - - | - echo "Copying theme..." - cp -R /theme/* /keycloak/themes/oceanbox - volumeMounts: - - name: theme - mountPath: /keycloak/themes/oceanbox diff --git a/values/keycloak/values/values.yaml b/values/keycloak/values/values.yaml new file mode 100644 index 00000000..37645dce --- /dev/null +++ b/values/keycloak/values/values.yaml 
@@ -0,0 +1,31 @@ +# NOTE(mrtz): Hack for working with bitnami legacy registry +global: + security: + allowInsecureImages: true +image: + repository: bitnamilegacy/keycloak + +production: true +proxy: edge + +auth: + adminUser: admin + managementUser: manager + +ingress: + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production + nginx.ingress.kubernetes.io/enable-cors: "true" + nginx.ingress.kubernetes.io/backend-protocol: HTTP + nginx.ingress.kubernetes.io/proxy-buffer-size: 128k + nginx.ingress.kubernetes.io/ssl-redirect: "true" + enabled: true + ingressClassName: nginx + path: / + pathType: ImplementationSpecific + selfSigned: false + servicePort: http + tls: true + +adminIngress: + enabled: false
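Review bot: `global.security.allowInsecureImages: true` and `image.repository: bitnamilegacy/keycloak` become the shared default for every environment in this new file, documented only by a "Hack" comment and with no `image.tag` or `image.digest` visible. The flag switches off the chart's image verification, and the legacy repository is, as far as I know, an archive that no longer receives updates, which matters for an identity provider. I would extend the comment to say what the flag bypasses and when it can go, e.g. `# TODO(<owner>): remove once the keycloak image is moved off bitnamilegacy, see <issue-link>`, and pin the image by digest in the meantime. Separately, `nginx.ingress.kubernetes.io/enable-cors: "true"` is set without `nginx.ingress.kubernetes.io/cors-allow-origin`, which ingress-nginx treats as allowing any origin. An explicit origin list would be safer if ingress-level CORS is needed at all.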