Merge pull request #705 from uselagoon/keycloak-admin-client-secret

chore: add support for keycloak admin api client values
uselagoon · Dec 17, 2024 · f9db5f6 · f9db5f6
2 parents 724bedf + d76181a
commit f9db5f6
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 13 deletions.
diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml
@@ -41,16 +41,4 @@ dependencies:
 annotations:
   artifacthub.io/changes: |
     - kind: changed
-      description: update lagoon AppVersion to v2.22.0
-      links:
-        - name: lagoon releases
-          url: https://github.com/uselagoon/lagoon/releases/tag/v2.22.0
-    - kind: changed
-      description: update ssh-portal-api and ssh-token to v0.41.3
-      links:
-        - name: lagoon-ssh-portal releases
-          url: https://github.com/uselagoon/lagoon-ssh-portal/releases
-    - kind: changed
-      description: update NATS chart dependency to v1.2.x
-    - kind: changed
-      description: add KEYCLOAK_LAGOON_UI_OIDC_CLIENT_SECRET variable to keycloak and ui deployment
+      description: add KEYCLOAK_ADMIN_API_CLIENT_SECRET variable to keycloak and api deployment
diff --git a/charts/lagoon-core/templates/api.deployment.yaml b/charts/lagoon-core/templates/api.deployment.yaml
@@ -58,6 +58,11 @@ spec:
             secretKeyRef:
               name: {{ include "lagoon-core.keycloak.fullname" . }}
               key: KEYCLOAK_API_CLIENT_SECRET
+        - name: KEYCLOAK_ADMIN_API_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "lagoon-core.keycloak.fullname" . }}
+              key: KEYCLOAK_ADMIN_API_CLIENT_SECRET
         - name: KEYCLOAK_FRONTEND_URL
           {{- if .Values.keycloakFrontEndURL }}
           value: {{ .Values.keycloakFrontEndURL }}/auth
@@ -155,6 +160,11 @@ spec:
             secretKeyRef:
               name: {{ include "lagoon-core.keycloak.fullname" . }}
               key: KEYCLOAK_API_CLIENT_SECRET
+        - name: KEYCLOAK_ADMIN_API_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "lagoon-core.keycloak.fullname" . }}
+              key: KEYCLOAK_ADMIN_API_CLIENT_SECRET
         - name: KEYCLOAK_FRONTEND_URL
           {{- if .Values.keycloakFrontEndURL }}
           value: {{ .Values.keycloakFrontEndURL }}/auth

diff --git a/charts/lagoon-core/templates/keycloak.secret.yaml b/charts/lagoon-core/templates/keycloak.secret.yaml
@@ -8,6 +8,7 @@ This somewhat complex logic is intended to:
 {{- $keycloakDBPassword := coalesce .Values.keycloakDBPassword (ternary (randAlpha 32) (index $data "DB_PASSWORD" | default "" | b64dec) (index $data "DB_PASSWORD" | empty)) }}
 {{- $keycloakAdminPassword := coalesce .Values.keycloakAdminPassword (ternary (randAlpha 32) (index $data "KEYCLOAK_ADMIN_PASSWORD" | default "" | b64dec) (index $data "KEYCLOAK_ADMIN_PASSWORD" | empty)) }}
 {{- $keycloakAPIClientSecret := coalesce .Values.keycloakAPIClientSecret (ternary uuidv4 (index $data "KEYCLOAK_API_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_API_CLIENT_SECRET" | empty)) }}
+{{- $keycloakAdminAPIClientSecret := coalesce .Values.keycloakAdminAPIClientSecret (ternary uuidv4 (index $data "KEYCLOAK_ADMIN_API_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_ADMIN_API_CLIENT_SECRET" | empty)) }}
 {{- $keycloakAuthServerClientSecret := coalesce .Values.keycloakAuthServerClientSecret (ternary uuidv4 (index $data "KEYCLOAK_AUTH_SERVER_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_AUTH_SERVER_CLIENT_SECRET" | empty)) }}
 {{- $keycloakServiceAPIClientSecret := coalesce .Values.keycloakServiceAPIClientSecret (ternary uuidv4 (index $data "KEYCLOAK_SERVICE_API_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_SERVICE_API_CLIENT_SECRET" | empty)) }}
 {{- $keycloakLagoonUIOIDCClientSecret := coalesce .Values.keycloakLagoonUIOIDCClientSecret (ternary uuidv4 (index $data "KEYCLOAK_LAGOON_UI_OIDC_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_LAGOON_UI_OIDC_CLIENT_SECRET" | empty)) }}
@@ -26,6 +27,7 @@ stringData:
   DB_PASSWORD: {{ $keycloakDBPassword | quote }}
   KEYCLOAK_ADMIN_PASSWORD: {{ $keycloakAdminPassword }}
   KEYCLOAK_API_CLIENT_SECRET: {{ $keycloakAPIClientSecret }}
+  KEYCLOAK_ADMIN_API_CLIENT_SECRET: {{ $keycloakAdminAPIClientSecret }}
   KEYCLOAK_AUTH_SERVER_CLIENT_SECRET: {{ $keycloakAuthServerClientSecret | quote }}
   KEYCLOAK_SERVICE_API_CLIENT_SECRET: {{ $keycloakServiceAPIClientSecret | quote }}
   KEYCLOAK_LAGOON_UI_OIDC_CLIENT_SECRET: {{ $keycloakLagoonUIOIDCClientSecret | quote }}

diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml
@@ -44,6 +44,7 @@
 # jwtSecret:
 # keycloakAdminPassword:
 # keycloakAPIClientSecret:
+# keycloakAdminAPIClientSecret:
 # keycloakAuthServerClientSecret:
 # keycloakLagoonUIOIDCClientSecret:
 # keycloakDBPassword: