Remove extensions support from the operator CRD (#10848)
This commit is contained in:
Andrea Peruffo
GitHub
parent
05eb4b376d
commit
bf135c86ba
7 changed files with 0 additions and 116 deletions
|
|
@ -29,8 +29,5 @@ public interface Config {
|
||||||
interface Keycloak {
|
interface Keycloak {
|
||||||
String image();
|
String image();
|
||||||
String imagePullPolicy();
|
String imagePullPolicy();
|
||||||
|
|
||||||
String initContainerImage();
|
|
||||||
String initContainerImagePullPolicy();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -40,13 +40,6 @@ public final class Constants {
|
||||||
"cache-stack", "kubernetes"
|
"cache-stack", "kubernetes"
|
||||||
);
|
);
|
||||||
|
|
||||||
// Init container
|
|
||||||
public static final String EXTENSIONS_VOLUME_NAME = "extensions";
|
|
||||||
public static final String KEYCLOAK_PROVIDERS_FOLDER = "/opt/keycloak/providers";
|
|
||||||
public static final String INIT_CONTAINER_NAME = "keycloak-extensions";
|
|
||||||
public static final String INIT_CONTAINER_EXTENSIONS_FOLDER = "/opt/extensions";
|
|
||||||
public static final String INIT_CONTAINER_EXTENSIONS_ENV_VAR = "KEYCLOAK_EXTENSIONS";
|
|
||||||
|
|
||||||
public static final Integer KEYCLOAK_HTTP_PORT = 8080;
|
public static final Integer KEYCLOAK_HTTP_PORT = 8080;
|
||||||
public static final Integer KEYCLOAK_HTTPS_PORT = 8443;
|
public static final Integer KEYCLOAK_HTTPS_PORT = 8443;
|
||||||
public static final String KEYCLOAK_SERVICE_PROTOCOL = "TCP";
|
public static final String KEYCLOAK_SERVICE_PROTOCOL = "TCP";
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,6 @@
|
||||||
package org.keycloak.operator.v2alpha1;
|
package org.keycloak.operator.v2alpha1;
|
||||||
|
|
||||||
import io.fabric8.kubernetes.api.model.Container;
|
import io.fabric8.kubernetes.api.model.Container;
|
||||||
import io.fabric8.kubernetes.api.model.ContainerBuilder;
|
|
||||||
import io.fabric8.kubernetes.api.model.EnvVar;
|
import io.fabric8.kubernetes.api.model.EnvVar;
|
||||||
import io.fabric8.kubernetes.api.model.EnvVarBuilder;
|
import io.fabric8.kubernetes.api.model.EnvVarBuilder;
|
||||||
import io.fabric8.kubernetes.api.model.EnvVarSourceBuilder;
|
import io.fabric8.kubernetes.api.model.EnvVarSourceBuilder;
|
||||||
|
|
@ -40,7 +39,6 @@ import org.keycloak.operator.v2alpha1.crds.KeycloakStatusBuilder;
|
||||||
import org.keycloak.operator.v2alpha1.crds.ValueOrSecret;
|
import org.keycloak.operator.v2alpha1.crds.ValueOrSecret;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
@ -116,60 +114,6 @@ public class KeycloakDeployment extends OperatorManagedResource implements Statu
|
||||||
.get();
|
.get();
|
||||||
}
|
}
|
||||||
|
|
||||||
private void addInitContainer(Deployment baseDeployment, List<String> extensions) {
|
|
||||||
var skipExtensions = Optional
|
|
||||||
.ofNullable(extensions)
|
|
||||||
.map(e -> e.isEmpty())
|
|
||||||
.orElse(true);
|
|
||||||
|
|
||||||
if (skipExtensions) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Add emptyDir Volume
|
|
||||||
var volumes = baseDeployment.getSpec().getTemplate().getSpec().getVolumes();
|
|
||||||
|
|
||||||
var extensionVolume = new VolumeBuilder()
|
|
||||||
.withName(Constants.EXTENSIONS_VOLUME_NAME)
|
|
||||||
.withNewEmptyDir()
|
|
||||||
.endEmptyDir()
|
|
||||||
.build();
|
|
||||||
|
|
||||||
volumes.add(extensionVolume);
|
|
||||||
baseDeployment.getSpec().getTemplate().getSpec().setVolumes(volumes);
|
|
||||||
|
|
||||||
// Add the main deployment Volume Mount
|
|
||||||
var container = baseDeployment.getSpec().getTemplate().getSpec().getContainers().get(0);
|
|
||||||
var containerVolumeMounts = container.getVolumeMounts();
|
|
||||||
|
|
||||||
var extensionVM = new VolumeMountBuilder()
|
|
||||||
.withName(Constants.EXTENSIONS_VOLUME_NAME)
|
|
||||||
.withMountPath(Constants.KEYCLOAK_PROVIDERS_FOLDER)
|
|
||||||
.withReadOnly(true)
|
|
||||||
.build();
|
|
||||||
containerVolumeMounts.add(extensionVM);
|
|
||||||
|
|
||||||
container.setVolumeMounts(containerVolumeMounts);
|
|
||||||
|
|
||||||
// Add the Extensions downloader init container
|
|
||||||
var extensionsValue = extensions.stream().collect(Collectors.joining(","));
|
|
||||||
var initContainer = new ContainerBuilder()
|
|
||||||
.withName(Constants.INIT_CONTAINER_NAME)
|
|
||||||
.withImage(config.keycloak().initContainerImage())
|
|
||||||
.withImagePullPolicy(config.keycloak().initContainerImagePullPolicy())
|
|
||||||
.addNewVolumeMount()
|
|
||||||
.withName(Constants.EXTENSIONS_VOLUME_NAME)
|
|
||||||
.withMountPath(Constants.INIT_CONTAINER_EXTENSIONS_FOLDER)
|
|
||||||
.endVolumeMount()
|
|
||||||
.addNewEnv()
|
|
||||||
.withName(Constants.INIT_CONTAINER_EXTENSIONS_ENV_VAR)
|
|
||||||
.withValue(extensionsValue)
|
|
||||||
.endEnv()
|
|
||||||
.build();
|
|
||||||
|
|
||||||
baseDeployment.getSpec().getTemplate().getSpec().setInitContainers(Collections.singletonList(initContainer));
|
|
||||||
}
|
|
||||||
|
|
||||||
public void validatePodTemplate(KeycloakStatusBuilder status) {
|
public void validatePodTemplate(KeycloakStatusBuilder status) {
|
||||||
if (keycloakCR.getSpec() == null ||
|
if (keycloakCR.getSpec() == null ||
|
||||||
keycloakCR.getSpec().getUnsupported() == null ||
|
keycloakCR.getSpec().getUnsupported() == null ||
|
||||||
|
|
@ -465,7 +409,6 @@ public class KeycloakDeployment extends OperatorManagedResource implements Statu
|
||||||
|
|
||||||
configureHostname(baseDeployment);
|
configureHostname(baseDeployment);
|
||||||
configureTLS(baseDeployment);
|
configureTLS(baseDeployment);
|
||||||
addInitContainer(baseDeployment, keycloakCR.getSpec().getExtensions());
|
|
||||||
mergePodTemplate(baseDeployment.getSpec().getTemplate());
|
mergePodTemplate(baseDeployment.getSpec().getTemplate());
|
||||||
|
|
||||||
return baseDeployment;
|
return baseDeployment;
|
||||||
|
|
|
||||||
|
|
@ -40,8 +40,6 @@ public class KeycloakSpec {
|
||||||
private String tlsSecret;
|
private String tlsSecret;
|
||||||
@JsonPropertyDescription("Disable the default ingress.")
|
@JsonPropertyDescription("Disable the default ingress.")
|
||||||
private boolean disableDefaultIngress;
|
private boolean disableDefaultIngress;
|
||||||
@JsonPropertyDescription("List of URLs to download Keycloak extensions.")
|
|
||||||
private List<String> extensions;
|
|
||||||
@JsonPropertyDescription(
|
@JsonPropertyDescription(
|
||||||
"In this section you can configure podTemplate advanced features, not production-ready, and not supported settings.\n" +
|
"In this section you can configure podTemplate advanced features, not production-ready, and not supported settings.\n" +
|
||||||
"Use at your own risk and open an issue with your use-case if you don't find an alternative way.")
|
"Use at your own risk and open an issue with your use-case if you don't find an alternative way.")
|
||||||
|
|
@ -79,14 +77,6 @@ public class KeycloakSpec {
|
||||||
return this.tlsSecret.equals(Constants.INSECURE_DISABLE);
|
return this.tlsSecret.equals(Constants.INSECURE_DISABLE);
|
||||||
}
|
}
|
||||||
|
|
||||||
public List<String> getExtensions() {
|
|
||||||
return extensions;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setExtensions(List<String> extensions) {
|
|
||||||
this.extensions = extensions;
|
|
||||||
}
|
|
||||||
|
|
||||||
public Unsupported getUnsupported() {
|
public Unsupported getUnsupported() {
|
||||||
return unsupported;
|
return unsupported;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,3 @@ quarkus.operator-sdk.crd.validate=false
|
||||||
# Operator config
|
# Operator config
|
||||||
operator.keycloak.image=quay.io/keycloak/keycloak:latest
|
operator.keycloak.image=quay.io/keycloak/keycloak:latest
|
||||||
operator.keycloak.image-pull-policy=Always
|
operator.keycloak.image-pull-policy=Always
|
||||||
|
|
||||||
operator.keycloak.init-container-image=quay.io/keycloak/keycloak-init-container:legacy
|
|
||||||
operator.keycloak.init-container-image-pull-policy=Always
|
|
||||||
|
|
|
||||||
|
|
@ -16,7 +16,6 @@ import org.keycloak.operator.v2alpha1.crds.ValueOrSecret;
|
||||||
import java.nio.charset.StandardCharsets;
|
import java.nio.charset.StandardCharsets;
|
||||||
import java.time.Duration;
|
import java.time.Duration;
|
||||||
import java.util.Base64;
|
import java.util.Base64;
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.concurrent.atomic.AtomicReference;
|
import java.util.concurrent.atomic.AtomicReference;
|
||||||
|
|
@ -25,7 +24,6 @@ import static org.assertj.core.api.Assertions.assertThat;
|
||||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
import static org.junit.jupiter.api.Assertions.assertNotEquals;
|
import static org.junit.jupiter.api.Assertions.assertNotEquals;
|
||||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||||
import static org.keycloak.operator.Constants.DEFAULT_LABELS;
|
|
||||||
import static org.keycloak.operator.utils.K8sUtils.deployKeycloak;
|
import static org.keycloak.operator.utils.K8sUtils.deployKeycloak;
|
||||||
import static org.keycloak.operator.utils.K8sUtils.getDefaultKeycloakDeployment;
|
import static org.keycloak.operator.utils.K8sUtils.getDefaultKeycloakDeployment;
|
||||||
import static org.keycloak.operator.utils.K8sUtils.waitForKeycloakToBeReady;
|
import static org.keycloak.operator.utils.K8sUtils.waitForKeycloakToBeReady;
|
||||||
|
|
@ -158,36 +156,6 @@ public class KeycloakDeploymentE2EIT extends ClusterOperatorTest {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testExtensions() {
|
|
||||||
try {
|
|
||||||
var kc = getDefaultKeycloakDeployment();
|
|
||||||
kc.getSpec().setExtensions(
|
|
||||||
Collections.singletonList(
|
|
||||||
"https://github.com/aerogear/keycloak-metrics-spi/releases/download/2.5.3/keycloak-metrics-spi-2.5.3.jar"));
|
|
||||||
deployKeycloak(k8sclient, kc, true);
|
|
||||||
|
|
||||||
var kcPod = k8sclient
|
|
||||||
.pods()
|
|
||||||
.inNamespace(namespace)
|
|
||||||
.withLabels(DEFAULT_LABELS)
|
|
||||||
.list()
|
|
||||||
.getItems()
|
|
||||||
.get(0);
|
|
||||||
|
|
||||||
Awaitility.await()
|
|
||||||
.ignoreExceptions()
|
|
||||||
.untilAsserted(() -> {
|
|
||||||
var logs = k8sclient.pods().inNamespace(namespace).withName(kcPod.getMetadata().getName()).getLog();
|
|
||||||
|
|
||||||
assertTrue(logs.contains("metrics-listener (org.jboss.aerogear.keycloak.metrics.MetricsEventListenerFactory) is implementing the internal SPI"));
|
|
||||||
});
|
|
||||||
} catch (Exception e) {
|
|
||||||
savePodLogs();
|
|
||||||
throw e;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testTlsUsesCorrectSecret() {
|
public void testTlsUsesCorrectSecret() {
|
||||||
try {
|
try {
|
||||||
|
|
|
||||||
|
|
@ -33,10 +33,6 @@ public class PodTemplateTest {
|
||||||
public String imagePullPolicy() {
|
public String imagePullPolicy() {
|
||||||
return "Never";
|
return "Never";
|
||||||
}
|
}
|
||||||
@Override
|
|
||||||
public String initContainerImage() { return "quay.io/keycloak/keycloak-init-container:legacy"; }
|
|
||||||
@Override
|
|
||||||
public String initContainerImagePullPolicy() { return "Always"; }
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue