Fix keycloak connection to db

artem.drozdov 2024-10-07 13:48:43 +03:00
parent a9b549ab60
commit 40beb5664a
3 changed files with 51 additions and 35 deletions


@ -29,7 +29,7 @@ yonoteDatabase:
password: "wsGZ6kXhr5"
postgresPassword: "QQYw4UjOU"
# yonote-redis: # Если используете пароль для redis
# yonote-redis: # Если используете auth для redis
# auth:
# password: "12345678"
@ -41,6 +41,3 @@ minio:
keycloak:
auth:
adminPassword: "root"
postgresql:
auth:
password: "tT9BqYdNyd"


@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: postgres-init-scripts
data:
init.sql: |
CREATE DATABASE "{{ .Values.keycloak.externalDatabase.database }}";
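Review bot: `init.sql` is mounted into `/docker-entrypoint-initdb.d` by the values change in this commit, and PostgreSQL images normally run scripts from that directory only when they initialise an empty data directory, so a release upgraded on an existing volume would most likely never get the Keycloak database. The template should say so in a comment, e.g. `# runs only on first initialisation of an empty data directory; create the database by hand on existing installs`, or the creation should move to a hook Job that runs on upgrade as well. The database name is also rendered into the quoted identifier unescaped; `{{ .Values.keycloak.externalDatabase.database | replace "\"" "\"\"" }}` keeps a value containing a double quote from closing the identifier early.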


@ -510,11 +510,23 @@ yonoteDatabase:
cpu: 500m
memory: 512Mi
extraVolumes:
- name: init-scripts
configMap:
name: postgres-init-scripts
extraVolumeMounts:
- name: init-scripts
mountPath: /docker-entrypoint-initdb.d
readOnly: true
yonote-redis:
enabled: true
fullnameOverride: yonote-redis
nameOverride: redis
architecture: standalone
image:
tag: 7.2.0-debian-11-r0
auth:
enabled: false
@ -587,28 +599,26 @@ mcJob:
enabled: true
keycloak:
fullnameOverride: yonote-keycloak
nameOverride: yonote-keycloak
auth:
adminUser: root
fullnameOverride: yonote-keycloak
nameOverride: yonote-keycloak
proxy: "edge"
command:
- /bin/bash
- -c
- |
/opt/bitnami/keycloak/bin/kc.sh import --file=/opt/bitnami/keycloak/data/import/realm-export.json && \
/opt/bitnami/keycloak/bin/kc.sh start-dev
/opt/bitnami/keycloak/bin/kc.sh start --import-realm --hostname={{ .Values.ingress.hostname }} --hostname-strict=true --hostname-strict-backchannel=true --https-protocols=TLSv1.2 --proxy=edge --db postgres --db-url-host yonote-database --db-username postgres --db-password="$(DB_PASSWORD)"
extraEnvVars:
- name: KC_DB_PASSWORD
value: "{{ .Values.keycloak.postgresql.auth.password }}"
- name: KEYCLOAK_PRODUCTION
value: "true"
- name: KC_HOSTNAME_URL
value: "https://auth.example.com"
- name: KC_HOSTNAME_ADMIN_URL
value: "https://auth.example.com"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: yonote-database
key: postgres-password
extraVolumes:
- name: realm-export
@ -624,14 +634,13 @@ keycloak:
enabled: true
hostname: auth.example.com
ingressClassName: traefik
tls: true
tls:
- hosts:
- "auth.example.com"
secretName: "auth.example.com-tls"
annotations:
kubernetes.io/ingress.class: traefik
# cert-manager.io/cluster-issuer: letsencrypt.example.com #Если используете
extraTls:
- hosts:
- "auth.example.com"
secretName: "you_tls_secret"
rules:
- host: "auth.example.com"
paths:
@ -646,8 +655,6 @@ keycloak:
name: yonote-keycloak
port: http
proxy: "edge"
resources:
limits:
cpu: 1
@ -657,13 +664,18 @@ keycloak:
memory: 256Mi
postgresql:
enabled: true
auth:
enabled: false
externalDatabase:
host: jdbc:postgresql://yonote-database
port: 5432
user: postgres
database: keycloak
username: keycloak
name: keycloak-database
fullnameOverride: keycloak-database
nameOverride: keycloak-database
primary:
persistence:
size: 5Gi
livenessProbe:
initialDelaySeconds: 240
timeoutSeconds: 5
readinessProbe:
initialDelaySeconds: 120
timeoutSeconds: 5
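Review bot: The `kc.sh start` line in the `keycloak.command` hunk passes the database password as `--db-password="$(DB_PASSWORD)"`; Kubernetes expands `$(VAR)` references in a container command before bash runs, so the secret lands in the process arguments (readable through `ps` and `/proc/<pid>/cmdline`) and any quote, `$` or backtick in it is interpreted by the shell. Keycloak reads `KC_DB_PASSWORD` from the environment, so the flag can be dropped and the `secretKeyRef` entry under `extraEnvVars` named `KC_DB_PASSWORD` instead of `DB_PASSWORD`. The same line connects with `--db-username postgres` and the `postgres-password` key, which gives Keycloak the database superuser shared with the application database; a dedicated role that owns only the `keycloak` database would limit what a compromised Keycloak can reach. Which of the duplicated lines belong to the new side is inferred, because the page has lost its +/- markers.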