ci(helm): move randomly generated secret to helpers.tpl

k8s/helm/hub-adapter/Chart.yaml

@@ -21,3 +21,9 @@ version: 0.1.0
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 appVersion: latest
+icon: https://avatars.githubusercontent.com/u/117945681?s=200&v=4
+
+dependencies:
+  - name: keycloak
+    repository: https://charts.bitnami.com/bitnami
+    version: 21.0.2

k8s/helm/hub-adapter/templates/_helpers.tpl

@@ -16,11 +16,22 @@ Return the secret key that contains the Keycloak client secret
 {{- define "adapter.keycloak.secretKey" -}}
 {{- $secretName := .Values.idp.existingSecret -}}
 {{- if .Values.idp.debug -}}
-    {{- print "static" -}}
+    {{- print "hubAdapterClientSecret" -}}
 {{- else if and $secretName .Values.idp.existingSecretKey -}}
     {{- printf "%s" .Values.idp.existingSecretKey -}}
 {{- else -}}
-    {{- print "hub-adapter-kc-secret" -}}
+    {{- print "hubAdapterClientSecret" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Generate a random clientSecret value for the hub-adapter client in keycloak if none provided
+*/}}
+{{- define "adapter.keycloak.clientSecret" -}}
+{{- if .Values.idp.debug -}}
+    {{- print "cFR2THJCS3V5MHZ4cnV2VXByd3NYcEV0dzg0ZEROOUM=" -}}
+{{- else -}}
+    {{- printf "%s" ( randAlphaNum 22 | b64enc | quote ) -}}
 {{- end -}}
 {{- end -}}
 
@@ -53,7 +64,7 @@ Return the Kong admin service endpoint
 {{- if .Values.node.kong -}}
     {{- .Values.node.kong -}}
 {{- else -}}
-    {{- printf "http://%s-kong-service:8000" .Release.Name -}}
+    {{- printf "http://%s-kong-service" .Release.Name -}}
 {{- end -}}
 {{- end -}}
 

k8s/helm/hub-adapter/templates/hub-adapter-secret.yaml

@@ -5,7 +5,8 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ .Release.Name }}-hub-adapter-keycloak-secret
+  namespace: {{ .Release.Namespace }}
+type: Opaque
 data:
-  static: cFR2THJCS3V5MHZ4cnV2VXByd3NYcEV0dzg0ZEROOUM= # Same as hardcoded secret in keycloak init realm, for testing
-  hub-adapter-kc-secret: {{ randAlphaNum 30 | b64enc | quote }}
+  hubAdapterClientSecret: {{ include "adapter.keycloak.clientSecret" . | indent 2 }}
 {{- end }}

k8s/helm/hub-adapter/values.yaml

@@ -1,6 +1,3 @@
-## @param nameOverride String to partially override common.names.fullname template (will maintain the release name)
-nameOverride: ""
-
 ## For defining ingress specific metadata
 ingress:
   domain: localhost
@@ -43,5 +40,5 @@ hub:
   authApi: https://privateaim.net/auth
   ## Credentials used for retrieving a valid token from the hub
   auth:
-      username: ""
-      password: ""
+    username: ""
+    password: ""

k8s/helm/keycloak-values.yaml

@@ -0,0 +1,34 @@
+keycloak:
+  auth:
+    adminUser: admin
+    adminPassword: admin
+  postgresql:
+    enabled: true
+    nameOverride: keycloak-postgresql
+    auth:
+      postgresPassword: "foo"  # TODO remove!! Not needed since secret is provided
+      username: keycloak  # custom user
+      password: keycloak  # custom user pwd
+      database: keycloak
+      # existingSecret: "kc-password-secret"  # admin password, requires "password" key in secret
+    architecture: standalone
+
+  keycloakConfigCli:
+    ## @param keycloakConfigCli.enabled Whether to enable keycloak-config-cli job
+    ## Must be set to true to apply settings below
+    enabled: true
+    ## @param keycloakConfigCli.configuration keycloak-config-cli realms configuration
+    ## NOTE: nil keys will be considered files to import locally
+    ## Example:
+    ## configuration:
+    ##   realm1.json: |
+    ##     {
+    ##       "realm": "realm1",
+    ##       "clients": []
+    ##     }
+    ##   files/realm2.yaml:
+    ##   realm3.yaml: |
+    ##     realm: realm3
+    ##     clients: []
+    ##
+    existingConfigmap: "flame-default-realm"