From 8985a484a71e2b49bc86aed44c26c77821b4d10d Mon Sep 17 00:00:00 2001
From: Gabriel Mainberger
Date: Wed, 7 Dec 2022 09:26:52 +0100
Subject: [PATCH] Update gen-golden indentation Ref: https://github.com/projectsyn/commodore/releases/tag/v1.12.0
---
.../keycloakx/templates/statefulset.yaml | 322 ++++++++---------
.../templates/primary/networkpolicy.yaml | 14 +-
.../templates/primary/statefulset.yaml | 295 +++++++---------
.../templates/primary/svc-headless.yaml | 6 +-
.../postgresql/templates/primary/svc.yaml | 8 +-
.../keycloakx/templates/statefulset.yaml | 310 ++++++++--------
.../keycloakx/templates/statefulset.yaml | 282 +++++++--------
.../templates/primary/networkpolicy.yaml | 14 +-
.../templates/primary/statefulset.yaml | 291 +++++++---------
.../templates/primary/svc-headless.yaml | 6 +-
.../postgresql/templates/primary/svc.yaml | 8 +-
.../keycloakx/templates/statefulset.yaml | 340 +++++++++---------
12 files changed, 949 insertions(+), 947 deletions(-)
diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
index 5973623e..09e63dbf 100644
--- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
+++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
@@ -30,179 +30,179 @@ spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: NotIn + values: + - test + matchLabels: + app.kubernetes.io/instance: keycloakx + app.kubernetes.io/name: keycloakx + topologyKey: topology.kubernetes.io/zone + weight: 100 + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: matchExpressions: - - key: app.kubernetes.io/component - operator: NotIn - values: - - test + - key: app.kubernetes.io/component + operator: NotIn + values: + - test matchLabels: app.kubernetes.io/instance: keycloakx app.kubernetes.io/name: keycloakx - topologyKey: topology.kubernetes.io/zone - weight: 100 - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/component - operator: NotIn - values: - - test - matchLabels: - app.kubernetes.io/instance: keycloakx - app.kubernetes.io/name: keycloakx - topologyKey: kubernetes.io/hostname + topologyKey: kubernetes.io/hostname containers: - - args: - - start - - --auto-build - - --http-enabled=true - env: - - name: FOO - value: bar - - name: JAVA_OPTS - value: -XX:+UseContainerSupport -XX:MaxRAMPercentage=50.0 -Djava.net.preferIPv4Stack=true - -Djava.awt.headless=true -Djgroups.dns.query=keycloakx-headless - - name: KC_CACHE - value: ispn - - name: KC_CACHE_STACK - value: kubernetes - - name: KC_DB - value: postgres - - name: KC_DB_URL_DATABASE - value: keycloak - - name: KC_DB_URL_HOST - value: keycloak-postgresql - - name: KC_DB_URL_PORT - value: patched - - name: KC_DB_USERNAME - value: keycloak - - name: KC_HEALTH_ENABLED - value: 'true' - - name: KC_HOSTNAME - value: keycloak.example.com - - name: KC_HOSTNAME_STRICT - value: 'false' - - name: KC_HTTPS_CERTIFICATE_FILE - value: /etc/x509/https/tls.crt - - name: KC_HTTPS_CERTIFICATE_KEY_FILE - value: /etc/x509/https/tls.key - - 
name: KC_HTTP_RELATIVE_PATH - value: /auth - - name: KC_METRICS_ENABLED - value: 'true' - - name: KC_PROXY - value: reencrypt - envFrom: - - secretRef: - name: keycloak-admin-user - - secretRef: - name: keycloak-postgresql - image: quay.io/keycloak/keycloak:18.0.2 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /auth/health/live - port: http - initialDelaySeconds: 0 - timeoutSeconds: 5 - name: keycloak - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 8443 - name: https - protocol: TCP - readinessProbe: - httpGet: - path: /auth/health/ready - port: http - initialDelaySeconds: 10 - timeoutSeconds: 1 - resources: - limits: - cpu: '1' - memory: 1Gi - requests: - cpu: 500m - memory: 512Mi - securityContext: - runAsNonRoot: true - runAsUser: 1000 - startupProbe: - failureThreshold: 60 - httpGet: - path: /auth/health - port: http - initialDelaySeconds: 15 - periodSeconds: 5 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /opt/keycloak/db-certs - name: db-certs - readOnly: true - - mountPath: /etc/x509/https - name: keycloak-tls - readOnly: true - - mountPath: /opt/test - name: theme - readOnly: true + - args: + - start + - --auto-build + - --http-enabled=true + env: + - name: FOO + value: bar + - name: JAVA_OPTS + value: -XX:+UseContainerSupport -XX:MaxRAMPercentage=50.0 -Djava.net.preferIPv4Stack=true + -Djava.awt.headless=true -Djgroups.dns.query=keycloakx-headless + - name: KC_CACHE + value: ispn + - name: KC_CACHE_STACK + value: kubernetes + - name: KC_DB + value: postgres + - name: KC_DB_URL_DATABASE + value: keycloak + - name: KC_DB_URL_HOST + value: keycloak-postgresql + - name: KC_DB_URL_PORT + value: patched + - name: KC_DB_USERNAME + value: keycloak + - name: KC_HEALTH_ENABLED + value: 'true' + - name: KC_HOSTNAME + value: keycloak.example.com + - name: KC_HOSTNAME_STRICT + value: 'false' + - name: KC_HTTPS_CERTIFICATE_FILE + value: /etc/x509/https/tls.crt + - name: KC_HTTPS_CERTIFICATE_KEY_FILE + value: 
/etc/x509/https/tls.key + - name: KC_HTTP_RELATIVE_PATH + value: /auth + - name: KC_METRICS_ENABLED + value: 'true' + - name: KC_PROXY + value: reencrypt + envFrom: + - secretRef: + name: keycloak-admin-user + - secretRef: + name: keycloak-postgresql + image: quay.io/keycloak/keycloak:18.0.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /auth/health/live + port: http + initialDelaySeconds: 0 + timeoutSeconds: 5 + name: keycloak + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP + readinessProbe: + httpGet: + path: /auth/health/ready + port: http + initialDelaySeconds: 10 + timeoutSeconds: 1 + resources: + limits: + cpu: '1' + memory: 1Gi + requests: + cpu: 500m + memory: 512Mi + securityContext: + runAsNonRoot: true + runAsUser: 1000 + startupProbe: + failureThreshold: 60 + httpGet: + path: /auth/health + port: http + initialDelaySeconds: 15 + periodSeconds: 5 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /opt/keycloak/db-certs + name: db-certs + readOnly: true + - mountPath: /etc/x509/https + name: keycloak-tls + readOnly: true + - mountPath: /opt/test + name: theme + readOnly: true enableServiceLinks: true initContainers: - - command: - - sh - - -c - - "echo 'Waiting for Database to become ready...'\n\nuntil printf \".\" &&\ - \ nc -z -w 2 keycloak-postgresql 5432; do\n sleep 2;\ndone;\n\necho 'Database\ - \ OK \u2713'\n" - image: docker.io/busybox:1.32 - imagePullPolicy: IfNotPresent - name: dbchecker - resources: - limits: - cpu: 20m - memory: 32Mi - requests: - cpu: 20m - memory: 32Mi - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - - args: - - -c - - | - echo "Copying theme..." 
- cp -R /theme/* /company-theme - command: - - sh - image: company/keycloak-theme:v1.0.0 - imagePullPolicy: IfNotPresent - name: theme-provider - volumeMounts: - - mountPath: /company-theme - name: theme + - command: + - sh + - -c + - "echo 'Waiting for Database to become ready...'\n\nuntil printf \".\"\ + \ && nc -z -w 2 keycloak-postgresql 5432; do\n sleep 2;\ndone;\n\n\ + echo 'Database OK \u2713'\n" + image: docker.io/busybox:1.32 + imagePullPolicy: IfNotPresent + name: dbchecker + resources: + limits: + cpu: 20m + memory: 32Mi + requests: + cpu: 20m + memory: 32Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + - args: + - -c + - | + echo "Copying theme..." + cp -R /theme/* /company-theme + command: + - sh + image: company/keycloak-theme:v1.0.0 + imagePullPolicy: IfNotPresent + name: theme-provider + volumeMounts: + - mountPath: /company-theme + name: theme restartPolicy: Always securityContext: fsGroup: 1000 serviceAccountName: keycloakx terminationGracePeriodSeconds: 60 volumes: - - name: db-certs - secret: - defaultMode: 256 - items: - - key: tls.crt - path: tls.crt - secretName: keycloak-postgresql-tls - - name: keycloak-tls - secret: - defaultMode: 420 - secretName: keycloak-tls - - emptyDir: {} - name: theme + - name: db-certs + secret: + defaultMode: 256 + items: + - key: tls.crt + path: tls.crt + secretName: keycloak-postgresql-tls + - name: keycloak-tls + secret: + defaultMode: 420 + secretName: keycloak-tls + - emptyDir: {} + name: theme updateStrategy: type: RollingUpdate diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml index e88f4303..36a2f431 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml 
+++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml @@ -11,13 +11,13 @@ metadata: namespace: syn-builtin spec: ingress: - - from: - - podSelector: - matchLabels: - app.kubernetes.io/instance: keycloakx - app.kubernetes.io/name: keycloakx - ports: - - port: 5432 + - from: + - podSelector: + matchLabels: + app.kubernetes.io/instance: keycloakx + app.kubernetes.io/name: keycloakx + ports: + - port: 5432 podSelector: matchLabels: app.kubernetes.io/component: primary diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml index ce8223b1..1cc5ff07 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml 
@@ -40,162 +40,163 @@ spec: podAffinity: null podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: keycloak - app.kubernetes.io/name: postgresql - namespaces: - - syn-builtin - topologyKey: kubernetes.io/hostname - weight: 1 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: keycloak + app.kubernetes.io/name: postgresql + namespaces: + - syn-builtin + topologyKey: kubernetes.io/hostname + weight: 1 containers: - - env: - - name: BITNAMI_DEBUG - value: 'false' - - name: POSTGRESQL_PORT_NUMBER - value: '5432' - - name: POSTGRESQL_VOLUME_DIR - value: /bitnami/postgresql - - name: PGDATA - value: /bitnami/postgresql/data - - name: POSTGRES_USER - value: keycloak - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: postgres-password - name: keycloak-postgresql - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: keycloak-postgresql - - name: POSTGRES_DB - value: keycloak - - name: POSTGRESQL_ENABLE_LDAP - value: 'no' - - name: POSTGRESQL_ENABLE_TLS - value: 'yes' - - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS - value: 'yes' - - name: POSTGRESQL_TLS_CERT_FILE - value: /opt/bitnami/postgresql/certs/tls.crt - - name: POSTGRESQL_TLS_KEY_FILE - value: /opt/bitnami/postgresql/certs/tls.key - - name: POSTGRESQL_LOG_HOSTNAME - value: 'false' - - name: POSTGRESQL_LOG_CONNECTIONS - value: 'false' - - name: POSTGRESQL_LOG_DISCONNECTIONS - value: 'false' - - name: POSTGRESQL_PGAUDIT_LOG_CATALOG - value: 'off' - - name: POSTGRESQL_CLIENT_MIN_MESSAGES - value: error - - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES - value: pgaudit - image: docker.io/bitnami/postgresql:11.14.0-debian-10-r28 - imagePullPolicy: IfNotPresent - livenessProbe: - exec: - command: - - /bin/sh - - -c - - exec pg_isready -U "keycloak" -d "dbname=keycloak" -h 
127.0.0.1 -p 5432 - failureThreshold: 6 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: postgresql - ports: - - containerPort: 5432 - name: tcp-postgresql - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - - | - exec pg_isready -U "keycloak" -d "dbname=keycloak sslcert=/opt/bitnami/postgresql/certs/tls.crt sslkey=/opt/bitnami/postgresql/certs/tls.key" -h 127.0.0.1 -p 5432 - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] - failureThreshold: 6 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: {} - requests: - cpu: 250m - memory: 256Mi - securityContext: - runAsUser: 1001 - volumeMounts: - - mountPath: /opt/bitnami/postgresql/certs - name: postgresql-certificates - readOnly: true - - mountPath: /dev/shm - name: dshm - - mountPath: /bitnami/postgresql - name: data + - env: + - name: BITNAMI_DEBUG + value: 'false' + - name: POSTGRESQL_PORT_NUMBER + value: '5432' + - name: POSTGRESQL_VOLUME_DIR + value: /bitnami/postgresql + - name: PGDATA + value: /bitnami/postgresql/data + - name: POSTGRES_USER + value: keycloak + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: postgres-password + name: keycloak-postgresql + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: keycloak-postgresql + - name: POSTGRES_DB + value: keycloak + - name: POSTGRESQL_ENABLE_LDAP + value: 'no' + - name: POSTGRESQL_ENABLE_TLS + value: 'yes' + - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS + value: 'yes' + - name: POSTGRESQL_TLS_CERT_FILE + value: /opt/bitnami/postgresql/certs/tls.crt + - name: POSTGRESQL_TLS_KEY_FILE + value: /opt/bitnami/postgresql/certs/tls.key + - name: POSTGRESQL_LOG_HOSTNAME + value: 'false' + - name: POSTGRESQL_LOG_CONNECTIONS + value: 'false' + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: 'false' + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: 'off' + - name: 
POSTGRESQL_CLIENT_MIN_MESSAGES + value: error + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: pgaudit + image: docker.io/bitnami/postgresql:11.14.0-debian-10-r28 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "keycloak" -d "dbname=keycloak" -h 127.0.0.1 + -p 5432 + failureThreshold: 6 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: postgresql + ports: + - containerPort: 5432 + name: tcp-postgresql + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + - | + exec pg_isready -U "keycloak" -d "dbname=keycloak sslcert=/opt/bitnami/postgresql/certs/tls.crt sslkey=/opt/bitnami/postgresql/certs/tls.key" -h 127.0.0.1 -p 5432 + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: {} + requests: + cpu: 250m + memory: 256Mi + securityContext: + runAsUser: 1001 + volumeMounts: + - mountPath: /opt/bitnami/postgresql/certs + name: postgresql-certificates + readOnly: true + - mountPath: /dev/shm + name: dshm + - mountPath: /bitnami/postgresql + name: data hostIPC: false hostNetwork: false initContainers: - - command: - - /bin/sh - - -ec - - | - chown 1001:1001 /bitnami/postgresql - mkdir -p /bitnami/postgresql/data - chmod 700 /bitnami/postgresql/data - find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name "conf" -not -name ".snapshot" -not -name "lost+found" | \ - xargs -r chown -R 1001:1001 - chmod -R 777 /dev/shm - cp /tmp/certs/* /opt/bitnami/postgresql/certs/ - chown -R 1001:1001 /opt/bitnami/postgresql/certs/ - chmod 600 /opt/bitnami/postgresql/certs/tls.key - image: docker.io/bitnami/bitnami-shell:11-debian-11-r46 - imagePullPolicy: IfNotPresent - name: init-chmod-data - resources: - limits: {} - requests: {} - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: 
/bitnami/postgresql - name: data - - mountPath: /dev/shm - name: dshm - - mountPath: /tmp/certs - name: raw-certificates - - mountPath: /opt/bitnami/postgresql/certs - name: postgresql-certificates + - command: + - /bin/sh + - -ec + - | + chown 1001:1001 /bitnami/postgresql + mkdir -p /bitnami/postgresql/data + chmod 700 /bitnami/postgresql/data + find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name "conf" -not -name ".snapshot" -not -name "lost+found" | \ + xargs -r chown -R 1001:1001 + chmod -R 777 /dev/shm + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + chown -R 1001:1001 /opt/bitnami/postgresql/certs/ + chmod 600 /opt/bitnami/postgresql/certs/tls.key + image: docker.io/bitnami/bitnami-shell:11-debian-11-r46 + imagePullPolicy: IfNotPresent + name: init-chmod-data + resources: + limits: {} + requests: {} + securityContext: + runAsUser: 0 + volumeMounts: + - mountPath: /bitnami/postgresql + name: data + - mountPath: /dev/shm + name: dshm + - mountPath: /tmp/certs + name: raw-certificates + - mountPath: /opt/bitnami/postgresql/certs + name: postgresql-certificates securityContext: fsGroup: 1001 serviceAccountName: default volumes: - - name: raw-certificates - secret: - secretName: keycloak-postgresql-tls - - emptyDir: {} - name: postgresql-certificates - - emptyDir: - medium: Memory - name: dshm + - name: raw-certificates + secret: + secretName: keycloak-postgresql-tls + - emptyDir: {} + name: postgresql-certificates + - emptyDir: + medium: Memory + name: dshm updateStrategy: rollingUpdate: {} type: RollingUpdate volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 8Gi + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi 
diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml index 9335dec2..dd7e8a43 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml @@ -13,9 +13,9 @@ metadata: spec: clusterIP: None ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql publishNotReadyAddresses: true selector: app.kubernetes.io/component: primary diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml index 5f5285e9..40dcdeac 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml @@ -12,10 +12,10 @@ metadata: namespace: syn-builtin spec: ports: - - name: tcp-postgresql - nodePort: null - port: 5432 - targetPort: tcp-postgresql + - name: tcp-postgresql + nodePort: null + port: 5432 + targetPort: tcp-postgresql selector: app.kubernetes.io/component: primary app.kubernetes.io/instance: keycloak diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml index 9b2e3f1a..603b4325 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml 
@@ -30,173 +30,173 @@ spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: NotIn + values: + - test + matchLabels: + app.kubernetes.io/instance: keycloakx + app.kubernetes.io/name: keycloakx + topologyKey: topology.kubernetes.io/zone + weight: 100 + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: matchExpressions: - - key: app.kubernetes.io/component - operator: NotIn - values: - - test + - key: app.kubernetes.io/component + operator: NotIn + values: + - test matchLabels: app.kubernetes.io/instance: keycloakx app.kubernetes.io/name: keycloakx - topologyKey: topology.kubernetes.io/zone - weight: 100 - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/component - operator: NotIn - values: - - test - matchLabels: - app.kubernetes.io/instance: keycloakx - app.kubernetes.io/name: keycloakx - topologyKey: kubernetes.io/hostname + topologyKey: kubernetes.io/hostname containers: - - args: - - start - - --auto-build - - --http-enabled=true - env: - - name: JAVA_OPTS - value: -XX:+UseContainerSupport -XX:MaxRAMPercentage=50.0 -Djava.net.preferIPv4Stack=true - -Djava.awt.headless=true -Djgroups.dns.query=keycloakx-headless - - name: KC_CACHE - value: ispn - - name: KC_CACHE_STACK - value: kubernetes - - name: KC_DB - value: postgres - - name: KC_DB_URL_DATABASE - value: keycloak - - name: KC_DB_URL_HOST - value: postgres.example.com - - name: KC_DB_URL_PORT - value: '5432' - - name: KC_DB_USERNAME - value: keycloak - - name: KC_HEALTH_ENABLED - value: 'true' - - name: KC_HOSTNAME - value: keycloak.example.com - - name: KC_HOSTNAME_STRICT - value: 'true' - - name: KC_HTTPS_CERTIFICATE_FILE - value: /etc/x509/https/tls.crt - - name: KC_HTTPS_CERTIFICATE_KEY_FILE - value: /etc/x509/https/tls.key - - name: KC_HTTP_RELATIVE_PATH 
- value: /auth - - name: KC_METRICS_ENABLED - value: 'true' - - name: KC_PROXY - value: passthrough - envFrom: - - secretRef: - name: keycloak-admin-user - - secretRef: - name: keycloak-postgresql - image: quay.io/keycloak/keycloak:18.0.2 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /auth/health/live - port: http - initialDelaySeconds: 0 - timeoutSeconds: 5 - name: keycloak - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 8443 - name: https - protocol: TCP - readinessProbe: - httpGet: - path: /auth/health/ready - port: http - initialDelaySeconds: 10 - timeoutSeconds: 1 - resources: - limits: - cpu: '1' - memory: 1Gi - requests: - cpu: 500m - memory: 512Mi - securityContext: - runAsNonRoot: true - runAsUser: 1000 - startupProbe: - failureThreshold: 60 - httpGet: - path: /auth/health - port: http - initialDelaySeconds: 15 - periodSeconds: 5 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /opt/keycloak/db-certs - name: db-certs - readOnly: true - - mountPath: /etc/x509/https - name: keycloak-tls - readOnly: true - - mountPath: /themes/bar - name: themes - readOnly: true - subDir: bar - - mountPath: /themes/foo - name: themes - readOnly: true - subDir: foo - - mountPath: /themes/test - name: themes - readOnly: true - subDir: test + - args: + - start + - --auto-build + - --http-enabled=true + env: + - name: JAVA_OPTS + value: -XX:+UseContainerSupport -XX:MaxRAMPercentage=50.0 -Djava.net.preferIPv4Stack=true + -Djava.awt.headless=true -Djgroups.dns.query=keycloakx-headless + - name: KC_CACHE + value: ispn + - name: KC_CACHE_STACK + value: kubernetes + - name: KC_DB + value: postgres + - name: KC_DB_URL_DATABASE + value: keycloak + - name: KC_DB_URL_HOST + value: postgres.example.com + - name: KC_DB_URL_PORT + value: '5432' + - name: KC_DB_USERNAME + value: keycloak + - name: KC_HEALTH_ENABLED + value: 'true' + - name: KC_HOSTNAME + value: keycloak.example.com + - name: KC_HOSTNAME_STRICT + value: 'true' + - name: 
KC_HTTPS_CERTIFICATE_FILE + value: /etc/x509/https/tls.crt + - name: KC_HTTPS_CERTIFICATE_KEY_FILE + value: /etc/x509/https/tls.key + - name: KC_HTTP_RELATIVE_PATH + value: /auth + - name: KC_METRICS_ENABLED + value: 'true' + - name: KC_PROXY + value: passthrough + envFrom: + - secretRef: + name: keycloak-admin-user + - secretRef: + name: keycloak-postgresql + image: quay.io/keycloak/keycloak:18.0.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /auth/health/live + port: http + initialDelaySeconds: 0 + timeoutSeconds: 5 + name: keycloak + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP + readinessProbe: + httpGet: + path: /auth/health/ready + port: http + initialDelaySeconds: 10 + timeoutSeconds: 1 + resources: + limits: + cpu: '1' + memory: 1Gi + requests: + cpu: 500m + memory: 512Mi + securityContext: + runAsNonRoot: true + runAsUser: 1000 + startupProbe: + failureThreshold: 60 + httpGet: + path: /auth/health + port: http + initialDelaySeconds: 15 + periodSeconds: 5 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /opt/keycloak/db-certs + name: db-certs + readOnly: true + - mountPath: /etc/x509/https + name: keycloak-tls + readOnly: true + - mountPath: /themes/bar + name: themes + readOnly: true + subDir: bar + - mountPath: /themes/foo + name: themes + readOnly: true + subDir: foo + - mountPath: /themes/test + name: themes + readOnly: true + subDir: test enableServiceLinks: true initContainers: - - command: - - sh - - -c - - "echo 'Waiting for Database to become ready...'\n\nuntil printf \".\" &&\ - \ nc -z -w 2 postgres.example.com 5432; do\n sleep 2;\ndone;\n\necho\ - \ 'Database OK \u2713'\n" - image: docker.io/busybox:1.32 - imagePullPolicy: IfNotPresent - name: dbchecker - resources: - limits: - cpu: 20m - memory: 32Mi - requests: - cpu: 20m - memory: 32Mi - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 + - 
command: + - sh + - -c + - "echo 'Waiting for Database to become ready...'\n\nuntil printf \".\"\ + \ && nc -z -w 2 postgres.example.com 5432; do\n sleep 2;\ndone;\n\ + \necho 'Database OK \u2713'\n" + image: docker.io/busybox:1.32 + imagePullPolicy: IfNotPresent + name: dbchecker + resources: + limits: + cpu: 20m + memory: 32Mi + requests: + cpu: 20m + memory: 32Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 restartPolicy: Always securityContext: fsGroup: 1000 serviceAccountName: keycloakx terminationGracePeriodSeconds: 60 volumes: - - name: db-certs - secret: - defaultMode: 256 - items: - - key: tls.crt - path: tls.crt - secretName: keycloak-postgresql-tls - - name: keycloak-tls - secret: - defaultMode: 420 - secretName: keycloak-tls - - emptyDir: {} - name: themes + - name: db-certs + secret: + defaultMode: 256 + items: + - key: tls.crt + path: tls.crt + secretName: keycloak-postgresql-tls + - name: keycloak-tls + secret: + defaultMode: 420 + secretName: keycloak-tls + - emptyDir: {} + name: themes updateStrategy: type: RollingUpdate diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml index 587f8d6c..705fbb8c 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml 
@@ -30,159 +30,159 @@ spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: NotIn + values: + - test + matchLabels: + app.kubernetes.io/instance: keycloakx + app.kubernetes.io/name: keycloakx + topologyKey: topology.kubernetes.io/zone + weight: 100 + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: matchExpressions: - - key: app.kubernetes.io/component - operator: NotIn - values: - - test + - key: app.kubernetes.io/component + operator: NotIn + values: + - test matchLabels: app.kubernetes.io/instance: keycloakx app.kubernetes.io/name: keycloakx - topologyKey: topology.kubernetes.io/zone - weight: 100 - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/component - operator: NotIn - values: - - test - matchLabels: - app.kubernetes.io/instance: keycloakx - app.kubernetes.io/name: keycloakx - topologyKey: kubernetes.io/hostname + topologyKey: kubernetes.io/hostname containers: - - args: - - start - - --auto-build - - --http-enabled=true - env: - - name: JAVA_OPTS - value: -XX:+UseContainerSupport -XX:MaxRAMPercentage=50.0 -Djava.net.preferIPv4Stack=true - -Djava.awt.headless=true -Djgroups.dns.query=keycloakx-headless - - name: KC_CACHE - value: ispn - - name: KC_CACHE_STACK - value: kubernetes - - name: KC_DB - value: postgres - - name: KC_DB_URL_DATABASE - value: keycloak - - name: KC_DB_URL_HOST - value: keycloak-postgresql - - name: KC_DB_URL_PORT - value: '5432' - - name: KC_DB_USERNAME - value: keycloak - - name: KC_HEALTH_ENABLED - value: 'true' - - name: KC_HOSTNAME - value: keycloak.example.com - - name: KC_HOSTNAME_STRICT - value: 'false' - - name: KC_HTTPS_CERTIFICATE_FILE - value: /etc/x509/https/tls.crt - - name: KC_HTTPS_CERTIFICATE_KEY_FILE - value: /etc/x509/https/tls.key - - name: KC_HTTP_RELATIVE_PATH 
- value: /auth - - name: KC_METRICS_ENABLED - value: 'true' - - name: KC_PROXY - value: reencrypt - envFrom: - - secretRef: - name: keycloak-admin-user - - secretRef: - name: keycloak-postgresql - image: quay.io/keycloak/keycloak:18.0.2 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /auth/health/live - port: http - initialDelaySeconds: 0 - timeoutSeconds: 5 - name: keycloak - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 8443 - name: https - protocol: TCP - readinessProbe: - httpGet: - path: /auth/health/ready - port: http - initialDelaySeconds: 10 - timeoutSeconds: 1 - resources: - limits: - cpu: '1' - memory: 1Gi - requests: - cpu: 500m - memory: 512Mi - securityContext: - runAsNonRoot: true - runAsUser: 1000 - startupProbe: - failureThreshold: 60 - httpGet: - path: /auth/health - port: http - initialDelaySeconds: 15 - periodSeconds: 5 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /opt/keycloak/db-certs - name: db-certs - readOnly: true - - mountPath: /etc/x509/https - name: keycloak-tls - readOnly: true + - args: + - start + - --auto-build + - --http-enabled=true + env: + - name: JAVA_OPTS + value: -XX:+UseContainerSupport -XX:MaxRAMPercentage=50.0 -Djava.net.preferIPv4Stack=true + -Djava.awt.headless=true -Djgroups.dns.query=keycloakx-headless + - name: KC_CACHE + value: ispn + - name: KC_CACHE_STACK + value: kubernetes + - name: KC_DB + value: postgres + - name: KC_DB_URL_DATABASE + value: keycloak + - name: KC_DB_URL_HOST + value: keycloak-postgresql + - name: KC_DB_URL_PORT + value: '5432' + - name: KC_DB_USERNAME + value: keycloak + - name: KC_HEALTH_ENABLED + value: 'true' + - name: KC_HOSTNAME + value: keycloak.example.com + - name: KC_HOSTNAME_STRICT + value: 'false' + - name: KC_HTTPS_CERTIFICATE_FILE + value: /etc/x509/https/tls.crt + - name: KC_HTTPS_CERTIFICATE_KEY_FILE + value: /etc/x509/https/tls.key + - name: KC_HTTP_RELATIVE_PATH + value: /auth + - name: KC_METRICS_ENABLED + value: 'true' 
+ - name: KC_PROXY + value: reencrypt + envFrom: + - secretRef: + name: keycloak-admin-user + - secretRef: + name: keycloak-postgresql + image: quay.io/keycloak/keycloak:18.0.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /auth/health/live + port: http + initialDelaySeconds: 0 + timeoutSeconds: 5 + name: keycloak + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP + readinessProbe: + httpGet: + path: /auth/health/ready + port: http + initialDelaySeconds: 10 + timeoutSeconds: 1 + resources: + limits: + cpu: '1' + memory: 1Gi + requests: + cpu: 500m + memory: 512Mi + securityContext: + runAsNonRoot: true + runAsUser: 1000 + startupProbe: + failureThreshold: 60 + httpGet: + path: /auth/health + port: http + initialDelaySeconds: 15 + periodSeconds: 5 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /opt/keycloak/db-certs + name: db-certs + readOnly: true + - mountPath: /etc/x509/https + name: keycloak-tls + readOnly: true enableServiceLinks: true initContainers: - - command: - - sh - - -c - - "echo 'Waiting for Database to become ready...'\n\nuntil printf \".\" &&\ - \ nc -z -w 2 keycloak-postgresql 5432; do\n sleep 2;\ndone;\n\necho 'Database\ - \ OK \u2713'\n" - image: docker.io/busybox:1.32 - imagePullPolicy: IfNotPresent - name: dbchecker - resources: - limits: - cpu: 20m - memory: 32Mi - requests: - cpu: 20m - memory: 32Mi - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 + - command: + - sh + - -c + - "echo 'Waiting for Database to become ready...'\n\nuntil printf \".\"\ + \ && nc -z -w 2 keycloak-postgresql 5432; do\n sleep 2;\ndone;\n\n\ + echo 'Database OK \u2713'\n" + image: docker.io/busybox:1.32 + imagePullPolicy: IfNotPresent + name: dbchecker + resources: + limits: + cpu: 20m + memory: 32Mi + requests: + cpu: 20m + memory: 32Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + 
runAsNonRoot: true + runAsUser: 1000 restartPolicy: Always securityContext: fsGroup: 1000 serviceAccountName: keycloakx terminationGracePeriodSeconds: 60 volumes: - - name: db-certs - secret: - defaultMode: 256 - items: - - key: tls.crt - path: tls.crt - secretName: keycloak-postgresql-tls - - name: keycloak-tls - secret: - defaultMode: 420 - secretName: keycloak-tls + - name: db-certs + secret: + defaultMode: 256 + items: + - key: tls.crt + path: tls.crt + secretName: keycloak-postgresql-tls + - name: keycloak-tls + secret: + defaultMode: 420 + secretName: keycloak-tls updateStrategy: type: RollingUpdate diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml index 277dde11..b9b2cffe 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml @@ -11,13 +11,13 @@ metadata: namespace: syn-openshift-postgres spec: ingress: - - from: - - podSelector: - matchLabels: - app.kubernetes.io/instance: keycloakx - app.kubernetes.io/name: keycloakx - ports: - - port: 5432 + - from: + - podSelector: + matchLabels: + app.kubernetes.io/instance: keycloakx + app.kubernetes.io/name: keycloakx + ports: + - port: 5432 podSelector: matchLabels: app.kubernetes.io/component: primary diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml index c0d7a777..0961895e 100644 
--- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml 
@@ -40,161 +40,162 @@ spec: podAffinity: null podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: keycloak - app.kubernetes.io/name: postgresql - namespaces: - - syn-openshift-postgres - topologyKey: kubernetes.io/hostname - weight: 1 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: keycloak + app.kubernetes.io/name: postgresql + namespaces: + - syn-openshift-postgres + topologyKey: kubernetes.io/hostname + weight: 1 containers: - - env: - - name: BITNAMI_DEBUG - value: 'false' - - name: POSTGRESQL_PORT_NUMBER - value: '5432' - - name: POSTGRESQL_VOLUME_DIR - value: /bitnami/postgresql - - name: PGDATA - value: /bitnami/postgresql/data - - name: POSTGRES_USER - value: keycloak - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: postgres-password - name: keycloak-postgresql - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: keycloak-postgresql - - name: POSTGRES_DB - value: keycloak - - name: POSTGRESQL_ENABLE_LDAP - value: 'no' - - name: POSTGRESQL_ENABLE_TLS - value: 'yes' - - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS - value: 'yes' - - name: POSTGRESQL_TLS_CERT_FILE - value: /opt/bitnami/postgresql/certs/tls.crt - - name: POSTGRESQL_TLS_KEY_FILE - value: /opt/bitnami/postgresql/certs/tls.key - - name: POSTGRESQL_LOG_HOSTNAME - value: 'false' - - name: POSTGRESQL_LOG_CONNECTIONS - value: 'false' - - name: POSTGRESQL_LOG_DISCONNECTIONS - value: 'false' - - name: POSTGRESQL_PGAUDIT_LOG_CATALOG - value: 'off' - - name: POSTGRESQL_CLIENT_MIN_MESSAGES - value: error - - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES - value: pgaudit - image: docker.io/bitnami/postgresql:11.14.0-debian-10-r28 - imagePullPolicy: IfNotPresent - livenessProbe: - exec: - command: - - /bin/sh - - -c - - exec pg_isready -U "keycloak" -d 
"dbname=keycloak" -h 127.0.0.1 -p 5432 - failureThreshold: 6 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: postgresql - ports: - - containerPort: 5432 - name: tcp-postgresql - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - - | - exec pg_isready -U "keycloak" -d "dbname=keycloak sslcert=/opt/bitnami/postgresql/certs/tls.crt sslkey=/opt/bitnami/postgresql/certs/tls.key" -h 127.0.0.1 -p 5432 - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] - failureThreshold: 6 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: {} - requests: - cpu: 250m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /opt/bitnami/postgresql/certs - name: postgresql-certificates - readOnly: true - - mountPath: /bitnami/postgresql - name: data + - env: + - name: BITNAMI_DEBUG + value: 'false' + - name: POSTGRESQL_PORT_NUMBER + value: '5432' + - name: POSTGRESQL_VOLUME_DIR + value: /bitnami/postgresql + - name: PGDATA + value: /bitnami/postgresql/data + - name: POSTGRES_USER + value: keycloak + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: postgres-password + name: keycloak-postgresql + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: keycloak-postgresql + - name: POSTGRES_DB + value: keycloak + - name: POSTGRESQL_ENABLE_LDAP + value: 'no' + - name: POSTGRESQL_ENABLE_TLS + value: 'yes' + - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS + value: 'yes' + - name: POSTGRESQL_TLS_CERT_FILE + value: /opt/bitnami/postgresql/certs/tls.crt + - name: POSTGRESQL_TLS_KEY_FILE + value: /opt/bitnami/postgresql/certs/tls.key + - name: POSTGRESQL_LOG_HOSTNAME + value: 'false' + - name: POSTGRESQL_LOG_CONNECTIONS + value: 'false' + - name: 
POSTGRESQL_LOG_DISCONNECTIONS + value: 'false' + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: 'off' + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: error + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: pgaudit + image: docker.io/bitnami/postgresql:11.14.0-debian-10-r28 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "keycloak" -d "dbname=keycloak" -h 127.0.0.1 + -p 5432 + failureThreshold: 6 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: postgresql + ports: + - containerPort: 5432 + name: tcp-postgresql + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + - | + exec pg_isready -U "keycloak" -d "dbname=keycloak sslcert=/opt/bitnami/postgresql/certs/tls.crt sslkey=/opt/bitnami/postgresql/certs/tls.key" -h 127.0.0.1 -p 5432 + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: {} + requests: + cpu: 250m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /opt/bitnami/postgresql/certs + name: postgresql-certificates + readOnly: true + - mountPath: /bitnami/postgresql + name: data hostIPC: false hostNetwork: false initContainers: - - command: - - /bin/sh - - -ec - - | - cp /tmp/certs/* /opt/bitnami/postgresql/certs/ - chmod 600 /opt/bitnami/postgresql/certs/tls.key - image: docker.io/bitnami/bitnami-shell:11-debian-11-r46 - imagePullPolicy: IfNotPresent - name: copy-certs - resources: - limits: {} - requests: - cpu: 250m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp/certs - name: 
raw-certificates - - mountPath: /opt/bitnami/postgresql/certs - name: postgresql-certificates + - command: + - /bin/sh + - -ec + - | + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + chmod 600 /opt/bitnami/postgresql/certs/tls.key + image: docker.io/bitnami/bitnami-shell:11-debian-11-r46 + imagePullPolicy: IfNotPresent + name: copy-certs + resources: + limits: {} + requests: + cpu: 250m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /tmp/certs + name: raw-certificates + - mountPath: /opt/bitnami/postgresql/certs + name: postgresql-certificates securityContext: seccompProfile: type: RuntimeDefault serviceAccountName: default volumes: - - name: raw-certificates - secret: - secretName: keycloak-postgresql-tls - - emptyDir: {} - name: postgresql-certificates + - name: raw-certificates + secret: + secretName: keycloak-postgresql-tls + - emptyDir: {} + name: postgresql-certificates updateStrategy: rollingUpdate: {} type: RollingUpdate volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 8Gi + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml index 08aa6a31..d3d3d73f 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml 
@@ -13,9 +13,9 @@ metadata: spec: clusterIP: None ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql publishNotReadyAddresses: true selector: app.kubernetes.io/component: primary diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml index ddf2024c..bbce3a61 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml @@ -12,10 +12,10 @@ metadata: namespace: syn-openshift-postgres spec: ports: - - name: tcp-postgresql - nodePort: null - port: 5432 - targetPort: tcp-postgresql + - name: tcp-postgresql + nodePort: null + port: 5432 + targetPort: tcp-postgresql selector: app.kubernetes.io/component: primary app.kubernetes.io/instance: keycloak diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml index d01434eb..3d69d511 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml 
@@ -30,187 +30,187 @@ spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: NotIn + values: + - test + matchLabels: + app.kubernetes.io/instance: keycloakx + app.kubernetes.io/name: keycloakx + topologyKey: topology.kubernetes.io/zone + weight: 100 + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: matchExpressions: - - key: app.kubernetes.io/component - operator: NotIn - values: - - test + - key: app.kubernetes.io/component + operator: NotIn + values: + - test matchLabels: app.kubernetes.io/instance: keycloakx app.kubernetes.io/name: keycloakx - topologyKey: topology.kubernetes.io/zone - weight: 100 - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/component - operator: NotIn - values: - - test - matchLabels: - app.kubernetes.io/instance: keycloakx - app.kubernetes.io/name: keycloakx - topologyKey: kubernetes.io/hostname + topologyKey: kubernetes.io/hostname containers: - - args: - - start - - --auto-build - - --http-enabled=true - env: - - name: JAVA_OPTS - value: -XX:+UseContainerSupport -XX:MaxRAMPercentage=50.0 -Djava.net.preferIPv4Stack=true - -Djava.awt.headless=true -Djgroups.dns.query=keycloakx-headless - - name: KC_CACHE - value: ispn - - name: KC_CACHE_STACK - value: kubernetes - - name: KC_DB - value: mariadb - - name: KC_DB_URL_DATABASE - value: keycloak_dev - - name: KC_DB_URL_HOST - value: maxscale-masteronly - - name: KC_DB_URL_PORT - value: '3306' - - name: KC_DB_USERNAME - value: keycloak_dev - - name: KC_HEALTH_ENABLED - value: 'true' - - name: KC_HOSTNAME - value: keycloak.example.com - - name: KC_HOSTNAME_STRICT - value: 'false' - - name: KC_HTTPS_CERTIFICATE_FILE - value: /etc/x509/https/tls.crt - - name: KC_HTTPS_CERTIFICATE_KEY_FILE - value: /etc/x509/https/tls.key - - name: 
KC_HTTP_RELATIVE_PATH - value: /auth - - name: KC_METRICS_ENABLED - value: 'true' - - name: KC_PROXY - value: reencrypt - envFrom: - - secretRef: - name: keycloak-admin-user - - secretRef: - name: keycloak-postgresql - image: quay.io/keycloak/keycloak:18.0.2 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /auth/health/live - port: http - initialDelaySeconds: 0 - timeoutSeconds: 5 - name: keycloak - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 8443 - name: https - protocol: TCP - readinessProbe: - httpGet: - path: /auth/health/ready - port: http - initialDelaySeconds: 10 - timeoutSeconds: 1 - resources: - limits: - cpu: '1' - memory: 1Gi - requests: - cpu: 500m - memory: 512Mi - securityContext: null - startupProbe: - failureThreshold: 60 - httpGet: - path: /auth/health - port: http - initialDelaySeconds: 15 - periodSeconds: 5 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /opt/keycloak/db-certs - name: db-certs - readOnly: true - - mountPath: /etc/x509/https - name: keycloak-tls - readOnly: true - - mountPath: /opt/keycloak/themes/app1 - name: themes - subPath: app1 - - mountPath: /opt/keycloak/themes/app2 - name: themes - subPath: app2 - - mountPath: /opt/keycloak/themes/customer - name: themes - subPath: customer - - mountPath: /opt/keycloak/themes/dev-app1 - name: themes - subPath: dev-app1 - - mountPath: /opt/keycloak/themes/dev-app2 - name: themes - subPath: dev-app2 - - mountPath: /opt/keycloak/themes/int-app1 - name: themes - subPath: int-app1 - - mountPath: /opt/keycloak/themes/int-app2 - name: themes - subPath: int-app2 + - args: + - start + - --auto-build + - --http-enabled=true + env: + - name: JAVA_OPTS + value: -XX:+UseContainerSupport -XX:MaxRAMPercentage=50.0 -Djava.net.preferIPv4Stack=true + -Djava.awt.headless=true -Djgroups.dns.query=keycloakx-headless + - name: KC_CACHE + value: ispn + - name: KC_CACHE_STACK + value: kubernetes + - name: KC_DB + value: mariadb + - name: KC_DB_URL_DATABASE 
+ value: keycloak_dev + - name: KC_DB_URL_HOST + value: maxscale-masteronly + - name: KC_DB_URL_PORT + value: '3306' + - name: KC_DB_USERNAME + value: keycloak_dev + - name: KC_HEALTH_ENABLED + value: 'true' + - name: KC_HOSTNAME + value: keycloak.example.com + - name: KC_HOSTNAME_STRICT + value: 'false' + - name: KC_HTTPS_CERTIFICATE_FILE + value: /etc/x509/https/tls.crt + - name: KC_HTTPS_CERTIFICATE_KEY_FILE + value: /etc/x509/https/tls.key + - name: KC_HTTP_RELATIVE_PATH + value: /auth + - name: KC_METRICS_ENABLED + value: 'true' + - name: KC_PROXY + value: reencrypt + envFrom: + - secretRef: + name: keycloak-admin-user + - secretRef: + name: keycloak-postgresql + image: quay.io/keycloak/keycloak:18.0.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /auth/health/live + port: http + initialDelaySeconds: 0 + timeoutSeconds: 5 + name: keycloak + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP + readinessProbe: + httpGet: + path: /auth/health/ready + port: http + initialDelaySeconds: 10 + timeoutSeconds: 1 + resources: + limits: + cpu: '1' + memory: 1Gi + requests: + cpu: 500m + memory: 512Mi + securityContext: null + startupProbe: + failureThreshold: 60 + httpGet: + path: /auth/health + port: http + initialDelaySeconds: 15 + periodSeconds: 5 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /opt/keycloak/db-certs + name: db-certs + readOnly: true + - mountPath: /etc/x509/https + name: keycloak-tls + readOnly: true + - mountPath: /opt/keycloak/themes/app1 + name: themes + subPath: app1 + - mountPath: /opt/keycloak/themes/app2 + name: themes + subPath: app2 + - mountPath: /opt/keycloak/themes/customer + name: themes + subPath: customer + - mountPath: /opt/keycloak/themes/dev-app1 + name: themes + subPath: dev-app1 + - mountPath: /opt/keycloak/themes/dev-app2 + name: themes + subPath: dev-app2 + - mountPath: /opt/keycloak/themes/int-app1 + name: themes + subPath: int-app1 + - 
mountPath: /opt/keycloak/themes/int-app2 + name: themes + subPath: int-app2 enableServiceLinks: true initContainers: - - command: - - sh - - -c - - "echo 'Waiting for Database to become ready...'\n\nuntil printf \".\" &&\ - \ nc -z -w 2 maxscale-masteronly 3306; do\n sleep 2;\ndone;\n\necho 'Database\ - \ OK \u2713'\n" - image: docker.io/busybox:1.32 - imagePullPolicy: IfNotPresent - name: dbchecker - resources: - limits: - cpu: 20m - memory: 32Mi - requests: - cpu: 20m - memory: 32Mi - securityContext: - allowPrivilegeEscalation: false - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - - args: - - -c - - | - echo "Copying theme..." - cp -Rv /themes/* /target/ - command: - - sh - image: image-registry.openshift-image-registry.svc:5000/builds/customer-keycloak-theme:dev - imagePullPolicy: Always - name: theme-provider - volumeMounts: - - mountPath: /target - name: themes + - command: + - sh + - -c + - "echo 'Waiting for Database to become ready...'\n\nuntil printf \".\"\ + \ && nc -z -w 2 maxscale-masteronly 3306; do\n sleep 2;\ndone;\n\n\ + echo 'Database OK \u2713'\n" + image: docker.io/busybox:1.32 + imagePullPolicy: IfNotPresent + name: dbchecker + resources: + limits: + cpu: 20m + memory: 32Mi + requests: + cpu: 20m + memory: 32Mi + securityContext: + allowPrivilegeEscalation: false + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + - args: + - -c + - | + echo "Copying theme..." 
+ cp -Rv /themes/* /target/ + command: + - sh + image: image-registry.openshift-image-registry.svc:5000/builds/customer-keycloak-theme:dev + imagePullPolicy: Always + name: theme-provider + volumeMounts: + - mountPath: /target + name: themes restartPolicy: Always securityContext: null serviceAccountName: keycloakx terminationGracePeriodSeconds: 60 volumes: - - emptyDir: {} - name: db-certs - - name: keycloak-tls - secret: - defaultMode: 420 - secretName: keycloak-tls - - emptyDir: {} - name: themes + - emptyDir: {} + name: db-certs + - name: keycloak-tls + secret: + defaultMode: 420 + secretName: keycloak-tls + - emptyDir: {} + name: themes updateStrategy: type: RollingUpdate