Fix keycloak connection to db

yonote-chart-service/secret-values.yaml

@@ -29,7 +29,7 @@ yonoteDatabase:
         password: "wsGZ6kXhr5"
         postgresPassword: "QQYw4UjOU"
 
-# yonote-redis: # Если используете пароль для redis
+# yonote-redis: # Если используете auth для redis
 #   auth:
 #     password: "12345678"
 
@@ -40,7 +40,4 @@ minio:
 
 keycloak:
   auth:
-   adminPassword: "root"
-  postgresql:
-    auth:
-      password: "tT9BqYdNyd"
+   adminPassword: "root"

yonote-chart-service/templates/configmap-initdb.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgres-init-scripts
+data:
+  init.sql: |
+    CREATE DATABASE "{{ .Values.keycloak.externalDatabase.database }}";

yonote-chart-service/values.yaml

@@ -510,11 +510,23 @@ yonoteDatabase:
         cpu: 500m
         memory: 512Mi
 
+    extraVolumes:
+      - name: init-scripts
+        configMap:
+          name: postgres-init-scripts
+
+    extraVolumeMounts:
+      - name: init-scripts
+        mountPath: /docker-entrypoint-initdb.d
+        readOnly: true
+
 yonote-redis:
   enabled: true
   fullnameOverride: yonote-redis
   nameOverride: redis
   architecture: standalone
+  image:
+    tag: 7.2.0-debian-11-r0
   
   auth:
     enabled: false
@@ -587,28 +599,26 @@ mcJob:
   enabled: true
 
 keycloak:
+  fullnameOverride: yonote-keycloak
+  nameOverride: yonote-keycloak
+  
   auth:
     adminUser: root
 
-  fullnameOverride: yonote-keycloak
-  nameOverride: yonote-keycloak
+  proxy: "edge"
 
   command:
     - /bin/bash
     - -c
     - |
-      /opt/bitnami/keycloak/bin/kc.sh import --file=/opt/bitnami/keycloak/data/import/realm-export.json && \
-      /opt/bitnami/keycloak/bin/kc.sh start-dev
+       /opt/bitnami/keycloak/bin/kc.sh start --import-realm --hostname={{ .Values.ingress.hostname }} --hostname-strict=true --hostname-strict-backchannel=true --https-protocols=TLSv1.2 --proxy=edge --db postgres --db-url-host yonote-database  --db-username postgres --db-password="$(DB_PASSWORD)"
 
   extraEnvVars:
-    - name: KC_DB_PASSWORD
-      value: "{{ .Values.keycloak.postgresql.auth.password }}"
-    - name: KEYCLOAK_PRODUCTION
-      value: "true"
-    - name: KC_HOSTNAME_URL
-      value: "https://auth.example.com"
-    - name: KC_HOSTNAME_ADMIN_URL
-      value: "https://auth.example.com"
+    - name: DB_PASSWORD
+      valueFrom:
+        secretKeyRef:
+          name: yonote-database
+          key: postgres-password
 
   extraVolumes:
     - name: realm-export
@@ -624,14 +634,13 @@ keycloak:
     enabled: true
     hostname: auth.example.com
     ingressClassName: traefik
-    tls: true
-    annotations:
-      kubernetes.io/ingress.class: traefik
-      # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете
-    extraTls:
+    tls: 
       - hosts:
           - "auth.example.com"
-        secretName: "you_tls_secret"
+        secretName: "auth.example.com-tls"
+    annotations:
+      kubernetes.io/ingress.class: traefik
+      # cert-manager.io/cluster-issuer: letsencrypt.example.com #Если используете
     rules:
       - host: "auth.example.com"
         paths: 
@@ -646,8 +655,6 @@ keycloak:
               name: yonote-keycloak
               port: http
 
-  proxy: "edge"
-
   resources:
     limits:
       cpu: 1
@@ -657,13 +664,18 @@ keycloak:
       memory: 256Mi
   
   postgresql:
-    enabled: true
-    auth:
-      database: keycloak
-      username: keycloak
-    name: keycloak-database
-    fullnameOverride: keycloak-database
-    nameOverride: keycloak-database
-    primary:
-      persistence:
-        size: 5Gi
+    enabled: false
+
+  externalDatabase:
+    host: jdbc:postgresql://yonote-database
+    port: 5432
+    user: postgres
+    database: keycloak
+
+  livenessProbe:
+    initialDelaySeconds: 240
+    timeoutSeconds: 5
+
+  readinessProbe:
+    initialDelaySeconds: 120
+    timeoutSeconds: 5