diff --git a/operator/src/main/java/org/keycloak/operator/Constants.java b/operator/src/main/java/org/keycloak/operator/Constants.java
index f9985b9335..6d8a705c8b 100644
--- a/operator/src/main/java/org/keycloak/operator/Constants.java
+++ b/operator/src/main/java/org/keycloak/operator/Constants.java
@@ -35,9 +35,9 @@ public final class Constants {
 );
 public static final Map DEFAULT_DIST_CONFIG = Map.of(
- "KC_HEALTH_ENABLED","true",
- "KC_CACHE", "ispn",
- "KC_CACHE_STACK", "kubernetes"
+ "health-enabled","true",
+ "cache", "ispn",
+ "cache-stack", "kubernetes"
 );
 // Init container
diff --git a/operator/src/main/java/org/keycloak/operator/v2alpha1/KeycloakDeployment.java b/operator/src/main/java/org/keycloak/operator/v2alpha1/KeycloakDeployment.java
index e996798307..03cdc29c0d 100644
--- a/operator/src/main/java/org/keycloak/operator/v2alpha1/KeycloakDeployment.java
+++ b/operator/src/main/java/org/keycloak/operator/v2alpha1/KeycloakDeployment.java
@@ -50,6 +50,8 @@ import java.util.Set;
 import java.util.function.Consumer;
 import java.util.stream.Collectors;
+import static io.smallrye.config.common.utils.StringUtil.replaceNonAlphanumericByUnderscores;
+
 public class KeycloakDeployment extends OperatorManagedResource implements StatusUpdater {
 private final Config config;
@@ -474,7 +476,6 @@ public class KeycloakDeployment extends OperatorManagedResource implements Statu
 List serverConfig = Constants.DEFAULT_DIST_CONFIG.entrySet().stream()
 .map(e -> new ValueOrSecret(e.getKey(), e.getValue()))
 .collect(Collectors.toList());
- serverConfig.add(new ValueOrSecret("jgroups.dns.query", getName() + Constants.KEYCLOAK_DISCOVERY_SERVICE_SUFFIX +"." + getNamespace()));
 // merge with the CR; the values in CR take precedence
 if (keycloakCR.getSpec().getServerConfiguration() != null) {
@@ -486,7 +487,7 @@ public class KeycloakDeployment extends OperatorManagedResource implements Statu
 serverConfigSecretsNames = new HashSet<>();
 List envVars = serverConfig.stream()
 .map(v -> {
- var envBuilder = new EnvVarBuilder().withName(v.getName());
+ var envBuilder = new EnvVarBuilder().withName(getEnvVarName(v.getName()));
 var secret = v.getSecret();
 if (secret != null) {
 envBuilder.withValueFrom(
@@ -523,6 +524,12 @@ public class KeycloakDeployment extends OperatorManagedResource implements Statu
 .endValueFrom()
 .build());
+ envVars.add(
+ new EnvVarBuilder()
+ .withName("jgroups.dns.query")
+ .withValue(getName() + Constants.KEYCLOAK_DISCOVERY_SERVICE_SUFFIX +"." + getNamespace())
+ .build());
+
 return envVars;
 }
@@ -578,4 +585,9 @@ public class KeycloakDeployment extends OperatorManagedResource implements Statu
 .withName(getName())
 .rolling().restart();
 }
+
+ public static String getEnvVarName(String kcConfigName) {
+ // TODO make this use impl from Quarkus dist (Configuration.toEnvVarFormat)
+ return "KC_" + replaceNonAlphanumericByUnderscores(kcConfigName).toUpperCase();
+ }
 }
diff --git a/operator/src/main/resources/example-keycloak.yml b/operator/src/main/resources/example-keycloak.yml
index ee06352cbd..9ca580d2b5 100644
--- a/operator/src/main/resources/example-keycloak.yml
+++ b/operator/src/main/resources/example-keycloak.yml
@@ -5,15 +5,15 @@ metadata:
 spec:
 instances: 1
 serverConfiguration:
- - name: KC_DB
+ - name: db
 value: postgres
- - name: KC_DB_URL_HOST
+ - name: db-url-host
 value: postgres-db
- - name: KC_DB_USERNAME
+ - name: db-username
 secret:
 name: keycloak-db-secret
 key: username
- - name: KC_DB_PASSWORD
+ - name: db-password
 secret:
 name: keycloak-db-secret
 key: password
diff --git a/operator/src/test/java/org/keycloak/operator/KeycloakDeploymentE2EIT.java b/operator/src/test/java/org/keycloak/operator/KeycloakDeploymentE2EIT.java
index ecc5427b72..0a7b49866d 100644
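Review bot: `getEnvVarName(v.getName())` is applied here only after the defaults have been merged with the CR, so two entries whose raw names differ just in case or punctuation, such as `health-enabled` and `health_enabled`, both become `KC_HEALTH_ENABLED` and would end up as duplicate env entries. The merge itself is outside this hunk; if it compares raw names, as the `remove(dbConf)` calls in the tests suggest, the "values in CR take precedence" rule would not hold for such a pair. Keying the merge on the normalised name, or rejecting a second entry that maps to an existing env var, would close the gap; at minimum add `// names are normalised only here, so distinct CR names can map to one env var` above the `.map(v -> {` line.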
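Review bot: The `jgroups.dns.query` entry is appended under its literal dotted name, bypassing `getEnvVarName`, and nothing in the hunk says why it is exempt from the `KC_` mapping. Because it is now added after the merged `serverConfig` has been converted (the matching `serverConfig.add` line is removed in the `-474` hunk), a CR entry can no longer replace it, which may be intended but is undocumented. If that is the intent, a comment such as `// emitted verbatim, outside the KC_ mapping, and not overridable from the CR` above `envVars.add(` would record it, and the name would read better as a constant in `Constants`. The method starts outside this hunk.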
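Review bot: `toUpperCase()` in `getEnvVarName` uses the JVM default locale, so under a Turkish locale an option name containing `i` would be emitted with `İ` and no longer match the variable the server reads; use `return "KC_" + replaceNonAlphanumericByUnderscores(kcConfigName).toUpperCase(Locale.ROOT);`, which needs `java.util.Locale` imported. A CR that still carries the previous form, e.g. `KC_DB_PASSWORD`, now maps to `KC_KC_DB_PASSWORD` with no warning, so that setting would presumably be ignored by the server. Rejecting or logging names that already start with `KC_` would make a stale CR visible. As a public static helper it also lacks a Javadoc stating the accepted input form.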
--- a/operator/src/test/java/org/keycloak/operator/KeycloakDeploymentE2EIT.java
+++ b/operator/src/test/java/org/keycloak/operator/KeycloakDeploymentE2EIT.java
@@ -8,6 +8,7 @@ import org.awaitility.Awaitility;
 import org.junit.jupiter.api.Test;
 import org.keycloak.operator.utils.K8sUtils;
 import org.keycloak.operator.v2alpha1.KeycloakAdminSecret;
+import org.keycloak.operator.v2alpha1.KeycloakDeployment;
 import org.keycloak.operator.v2alpha1.KeycloakService;
 import org.keycloak.operator.v2alpha1.crds.Keycloak;
 import org.keycloak.operator.v2alpha1.crds.ValueOrSecret;
@@ -66,7 +67,7 @@ public class KeycloakDeploymentE2EIT extends ClusterOperatorTest {
 var deploymentName = kc.getMetadata().getName();
 deployKeycloak(k8sclient, kc, true);
- final var dbConf = new ValueOrSecret("KC_DB_PASSWORD", "Ay Caramba!");
+ final var dbConf = new ValueOrSecret("db-password", "Ay Caramba!");
 kc.getSpec().setImage("quay.io/keycloak/non-existing-keycloak");
 kc.getSpec().getServerConfiguration().remove(dbConf);
@@ -80,7 +81,8 @@ public class KeycloakDeploymentE2EIT extends ClusterOperatorTest {
 .getSpec().getTemplate().getSpec().getContainers().get(0);
 assertThat(c.getImage()).isEqualTo("quay.io/keycloak/non-existing-keycloak");
 assertThat(c.getEnv().stream()
- .anyMatch(e -> e.getName().equals(dbConf.getName()) && e.getValue().equals(dbConf.getValue())))
+ .anyMatch(e -> e.getName().equals(KeycloakDeployment.getEnvVarName(dbConf.getName()))
+ && e.getValue().equals(dbConf.getValue())))
 .isTrue();
 });
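Review bot: The expected env var name in this assertion is computed with `KeycloakDeployment.getEnvVarName`, the same helper the operator uses to build the container env, so a wrong mapping would still pass; the `-94` hunk in `testConfigInCRTakesPrecedence` has the same shape. Pin the contract once with a literal, e.g. `assertThat(KeycloakDeployment.getEnvVarName("db-password")).isEqualTo("KC_DB_PASSWORD");`. `e.getValue()` is also dereferenced without a null check, which would throw if the matched entry were ever sourced from a secret. The enclosing test method of this hunk starts outside it.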
@@ -94,8 +96,11 @@ public class KeycloakDeploymentE2EIT extends ClusterOperatorTest {
 public void testConfigInCRTakesPrecedence() {
 try {
 var kc = getDefaultKeycloakDeployment();
- var health = new ValueOrSecret("KC_HEALTH_ENABLED", "false");
- var e = new EnvVarBuilder().withName(health.getName()).withValue(health.getValue()).build();
+ var health = new ValueOrSecret("health-enabled", "false");
+ var e = new EnvVarBuilder()
+ .withName(KeycloakDeployment.getEnvVarName(health.getName()))
+ .withValue(health.getValue())
+ .build();
 kc.getSpec().getServerConfiguration().add(health);
 deployKeycloak(k8sclient, kc, false);
diff --git a/operator/src/test/java/org/keycloak/operator/WatchedSecretsTestE2EIT.java b/operator/src/test/java/org/keycloak/operator/WatchedSecretsTestE2EIT.java
index 0debd4e534..082bb1b4ab 100644
--- a/operator/src/test/java/org/keycloak/operator/WatchedSecretsTestE2EIT.java
+++ b/operator/src/test/java/org/keycloak/operator/WatchedSecretsTestE2EIT.java
@@ -247,8 +247,8 @@ public class WatchedSecretsTestE2EIT extends ClusterOperatorTest {
 }
 private void hardcodeDBCredsInCR(Keycloak kc) {
- var username = new ValueOrSecret("KC_DB_USERNAME", "postgres");
- var password = new ValueOrSecret("KC_DB_PASSWORD", "testpassword");
+ var username = new ValueOrSecret("db-username", "postgres");
+ var password = new ValueOrSecret("db-password", "testpassword");
 kc.getSpec().getServerConfiguration().remove(username);
 kc.getSpec().getServerConfiguration().add(username);
diff --git a/operator/src/test/resources/correct-podtemplate-keycloak.yml b/operator/src/test/resources/correct-podtemplate-keycloak.yml
index 541d77d592..431ac00beb 100644
--- a/operator/src/test/resources/correct-podtemplate-keycloak.yml
+++ b/operator/src/test/resources/correct-podtemplate-keycloak.yml
@@ -5,13 +5,13 @@ metadata:
 spec:
 instances: 1
 serverConfiguration:
- - name: KC_DB
+ - name: db
 value: postgres
- - name: KC_DB_URL_HOST
+ - name: db-url-host
 value: postgres-db
- - name: KC_DB_USERNAME
+ - name: db-username
 value: postgres
- - name: KC_DB_PASSWORD
+ - name: db-password
 value: testpassword
 hostname: example.com
 tlsSecret: INSECURE-DISABLE
diff --git a/operator/src/test/resources/empty-podtemplate-keycloak.yml b/operator/src/test/resources/empty-podtemplate-keycloak.yml
index c2a7e16832..0a2a61ba55 100644
--- a/operator/src/test/resources/empty-podtemplate-keycloak.yml
+++ b/operator/src/test/resources/empty-podtemplate-keycloak.yml
@@ -5,13 +5,13 @@ metadata:
 spec:
 instances: 1
 serverConfiguration:
- - name: KC_DB
+ - name: db
 value: postgres
- - name: KC_DB_URL_HOST
+ - name: db-url-host
 value: postgres-db
- - name: KC_DB_USERNAME
+ - name: db-username
 value: postgres
- - name: KC_DB_PASSWORD
+ - name: db-password
 value: testpassword
 hostname: example.com
 tlsSecret: INSECURE-DISABLE