14 changes: 6 additions & 8 deletions compose.e2e.yaml
@@ -1,12 +1,10 @@
services:
keycloak:
command: start-dev --import-realm
environment:
KEYCLOAK_ENABLE_HTTPS: "true"
KEYCLOAK_HTTPS_USE_PEM: "true"
KEYCLOAK_HTTPS_CERTIFICATE_FILE: /opt/bitnami/keycloak/certs/tls.crt
KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE: /opt/bitnami/keycloak/certs/tls.key
KEYCLOAK_EXTRA_ARGS: "--import-realm"
KC_HTTPS_CERTIFICATE_FILE: /opt/keycloak/certs/tls.crt
KC_HTTPS_CERTIFICATE_KEY_FILE: /opt/keycloak/certs/tls.key
volumes:
- ./helm/api-platform/keycloak/certs/tls.crt:/opt/bitnami/keycloak/certs/tls.crt:ro
- ./helm/api-platform/keycloak/certs/tls.pem:/opt/bitnami/keycloak/certs/tls.key:ro
- ./helm/api-platform/keycloak/config:/opt/bitnami/keycloak/data/import
- ./helm/api-platform/keycloak/certs/tls.crt:/opt/keycloak/certs/tls.crt:ro
- ./helm/api-platform/keycloak/certs/tls.pem:/opt/keycloak/certs/tls.key:ro
- ./helm/api-platform/keycloak/config:/opt/keycloak/data/import
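Review bot: The TLS private key is bind-mounted from `./helm/api-platform/keycloak/certs/tls.pem` into an image that presumably runs as the unprivileged `keycloak` user (the Dockerfile in this PR chowns to it); if the host file carries the usual owner-only mode of a private key, the server cannot read it and will fail to start rather than fall back to plain HTTP. Check the mode of the committed file, or keep the e2e key material under a mode you control. Dropping `KEYCLOAK_ENABLE_HTTPS`/`KEYCLOAK_HTTPS_USE_PEM` in favour of only the two `KC_HTTPS_CERTIFICATE_*` options looks right for the upstream image, where configuring a certificate is what enables HTTPS; a comment above `KC_HTTPS_CERTIFICATE_FILE` such as `# Configuring a certificate/key pair enables HTTPS on the upstream image (no separate enable flag)` would stop the next reader from hunting for the missing flag.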
7 changes: 3 additions & 4 deletions compose.override.yaml
Expand Up @@ -57,8 +57,7 @@ services:
build:
context: ./helm/api-platform/keycloak/
target: keycloak
environment:
KEYCLOAK_EXTRA_ARGS: "--import-realm"
command: start-dev --import-realm
volumes:
- ./helm/api-platform/keycloak/themes/api-platform-demo:/opt/bitnami/keycloak/themes/api-platform-demo
- ./helm/api-platform/keycloak/config:/opt/bitnami/keycloak/data/import
- ./helm/api-platform/keycloak/themes/api-platform-demo:/opt/keycloak/themes/api-platform-demo
- ./helm/api-platform/keycloak/config:/opt/keycloak/data/import
2 changes: 1 addition & 1 deletion compose.prod.yaml
Expand Up @@ -43,5 +43,5 @@ services:
context: ./helm/api-platform/keycloak/
target: keycloak
environment:
KEYCLOAK_PRODUCTION: "true"
KC_PRODUCTION: "true"
KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_BOOTSTRAP_ADMIN_PASSWORD}
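Review bot: `KC_PRODUCTION: "true"` replaces the Bitnami-specific `KEYCLOAK_PRODUCTION`, but I cannot find a `production` option in Keycloak's own server configuration; on the upstream image, production mode is selected by the `kc.sh start` subcommand (as opposed to `start-dev`), so this variable is most likely ignored. Unless a `command: start ...` line exists outside this hunk, the prod container runs the bare `kc.sh` entrypoint set in the Dockerfile and exits with usage output. The same variable is set in `helm/api-platform/templates/keycloak-deployment.yaml`, where the container `args` also lack the `start` subcommand.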
22 changes: 11 additions & 11 deletions compose.yaml
Expand Up @@ -104,20 +104,20 @@ services:
keycloak:
image: app_keycloak
environment:
KEYCLOAK_DATABASE_HOST: keycloak-database
KEYCLOAK_DATABASE_NAME: ${KEYCLOAK_POSTGRES_DB:-keycloak}
KEYCLOAK_DATABASE_USER: ${KEYCLOAK_POSTGRES_USER:-keycloak}
KEYCLOAK_DATABASE_PASSWORD: ${KEYCLOAK_POSTGRES_PASSWORD:-!ChangeMe!}
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://keycloak-database:5432/${KEYCLOAK_POSTGRES_DB:-keycloak}
KC_DB_USERNAME: ${KEYCLOAK_POSTGRES_USER:-keycloak}
KC_DB_PASSWORD: ${KEYCLOAK_POSTGRES_PASSWORD:-!ChangeMe!}
KC_BOOTSTRAP_ADMIN_USERNAME: ${KC_BOOTSTRAP_ADMIN_USERNAME:-admin}
KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_BOOTSTRAP_ADMIN_PASSWORD:-!ChangeMe!}
# Must finish with a trailing slash (https://github.com/bitnami/charts/issues/10885#issuecomment-1414279144)
KEYCLOAK_HTTP_RELATIVE_PATH: /oidc/
KEYCLOAK_HOSTNAME: https://${SERVER_NAME:-localhost}/oidc/
KEYCLOAK_HOSTNAME_ADMIN: https://${SERVER_NAME:-localhost}/oidc/
KEYCLOAK_ENABLE_HEALTH_ENDPOINTS: "true"
# https://www.keycloak.org/server/all-config#category-health
# Must finish with a trailing slash
KC_HTTP_RELATIVE_PATH: /oidc/
KC_HOSTNAME: https://${SERVER_NAME:-localhost}/oidc/
KC_HOSTNAME_ADMIN: https://${SERVER_NAME:-localhost}/oidc/
KC_HEALTH_ENABLED: "true"
KC_METRICS_ENABLED: "true"
healthcheck:
test: [ "CMD-SHELL", "curl http://127.0.0.1:8080/oidc/health || exit 1"]
test: ["CMD-SHELL", "bash -c ':> /dev/tcp/localhost/8080'"]
start_period: 15s
interval: 5s
timeout: 3s
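Review bot: The new healthcheck only verifies that something accepts a TCP connection on 8080 (`:> /dev/tcp/localhost/8080`), which is weaker than the removed `/oidc/health` probe: it cannot tell a server that is still importing the realm or failing its database connection from a healthy one, so anything waiting on `condition: service_healthy` may start too early. Since `KC_HEALTH_ENABLED` is set, the health endpoints are served on the management port of the upstream image (9000) rather than on 8080, which is presumably why the curl check was dropped; if curl is unavailable in the image, a bash-only probe of the real endpoint is `bash -c 'exec 3<>/dev/tcp/localhost/9000; printf "GET /oidc/health/ready HTTP/1.0\r\n\r\n" >&3; grep -q UP <&3'` (the `/oidc` prefix assumes the management relative path inherits `KC_HTTP_RELATIVE_PATH` — confirm against the running container). Whichever form is kept, a one-line comment above `test:` stating what the check proves would help, e.g. `# Socket check only: Keycloak has no curl; readiness is not verified`.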
12 changes: 3 additions & 9 deletions helm/api-platform/Chart.lock
@@ -1,12 +1,6 @@
dependencies:
- name: postgresql
repository: https://charts.bitnami.com/bitnami/
version: 15.5.6
- name: external-dns
repository: https://charts.bitnami.com/bitnami/
version: 7.5.6
- name: keycloak
repository: https://charts.bitnami.com/bitnami/
version: 21.4.2
digest: sha256:fa058d1558ec980b14354478fed4725d46b1f2a9b274af9ee7bee419944e926a
generated: "2024-06-18T13:57:36.134642207+02:00"
version: 9.0.3
digest: sha256:3b0229942127a01c02f151e18b739c39b68e6458c6b865e3a3dd90fcfe198c99
generated: "2026-02-04T16:01:05.816182082+01:00"
10 changes: 1 addition & 9 deletions helm/api-platform/Chart.yaml
Expand Up @@ -25,15 +25,7 @@ version: 4.2.15
appVersion: 4.2.15

dependencies:
- name: postgresql
version: ~15.5.6
repository: https://charts.bitnami.com/bitnami/
condition: postgresql.enabled
- name: external-dns
version: ~7.5.6
version: 9.0.3
repository: https://charts.bitnami.com/bitnami/
condition: external-dns.enabled
- name: keycloak
version: ~21.4.2
repository: https://charts.bitnami.com/bitnami/
condition: keycloak.enabled
18 changes: 14 additions & 4 deletions helm/api-platform/keycloak/Dockerfile
Expand Up @@ -4,16 +4,26 @@


# Versions
FROM docker.io/bitnamilegacy/keycloak:26-debian-12 AS keycloak_upstream

FROM quay.io/keycloak/keycloak:26.4 AS keycloak_upstream

# The different stages of this Dockerfile are meant to be built into separate images
# https://docs.docker.com/develop/develop-images/multistage-build/#stop-at-a-specific-build-stage
# https://docs.docker.com/compose/compose-file/#target


# Builder
FROM keycloak_upstream AS keycloak_builder

WORKDIR /opt/keycloak

RUN /opt/keycloak/bin/kc.sh build

# Keycloak image
FROM keycloak_upstream AS keycloak

COPY --link themes/api-platform-demo /opt/bitnami/keycloak/themes/api-platform-demo
COPY --link providers/owner-policy.jar /opt/bitnami/keycloak/providers/owner-policy.jar
COPY --from=keycloak_builder /opt/keycloak/ /opt/keycloak/

COPY --link --chown=keycloak:keycloak --chmod=644 themes/api-platform-demo /opt/keycloak/themes/api-platform-demo
COPY --link --chown=keycloak:keycloak --chmod=644 providers/owner-policy.jar /opt/keycloak/providers/owner-policy.jar

ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
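Review bot: The provider jar is copied into `/opt/keycloak/providers/` only after the `keycloak_builder` stage has run `kc.sh build`, so the build output copied from that stage does not include `owner-policy.jar`; at runtime Keycloak detects the changed providers directory and rebuilds on every start (and would refuse to start if `--optimized` is ever added). Move `COPY --link providers/owner-policy.jar /opt/keycloak/providers/owner-policy.jar` into the builder stage ahead of `RUN /opt/keycloak/bin/kc.sh build`, and consider setting the build-time options there as well (for example `ENV KC_DB=postgres KC_HEALTH_ENABLED=true KC_METRICS_ENABLED=true`), since a build with no options gives little benefit. Separately, if `COPY --chmod=644` is also applied to the directories under `themes/api-platform-demo`, they lose the execute bit and cannot be traversed — confirm the theme actually loads, or give directories 755. The base image `quay.io/keycloak/keycloak:26.4` is a floating tag; pinning it by digest (`quay.io/keycloak/keycloak:26.4@sha256:<digest>`) makes the build reproducible and the supply chain auditable.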
21 changes: 21 additions & 0 deletions helm/api-platform/templates/_helpers.tpl
Expand Up @@ -54,6 +54,18 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

{{/*
Common labels Keycloak
*/}}
{{- define "api-platform.labelsKeycloak" -}}
helm.sh/chart: {{ include "api-platform.chart" . }}
{{ include "api-platform.selectorLabelsKeycloak" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

{{/*
Selector labels
*/}}
Expand All @@ -72,6 +84,15 @@ app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ include "api-platform.name" . }}
{{- end }}

{{/*
Selector labels Keycloak
*/}}
{{- define "api-platform.selectorLabelsKeycloak" -}}
app.kubernetes.io/name: {{ include "api-platform.name" . }}-keycloak
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ include "api-platform.name" . }}
{{- end }}

{{/*
Selector labels Fixtures
*/}}
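Review bot: `api-platform.labelsKeycloak` repeats the body of `api-platform.labels` line for line, differing only in the selector-label template it includes, and the same copy will be needed for every further workload. A small style improvement is to put the shared lines (`helm.sh/chart`, `app.kubernetes.io/version`, `app.kubernetes.io/managed-by`) into one common helper that both `labels` templates include, so the two definitions cannot drift apart. The comment headers `Common labels Keycloak` and `Selector labels Keycloak` would read better as `Common labels for the Keycloak workload` / `Selector labels for the Keycloak workload`, matching the sentence style of the existing headers.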
14 changes: 12 additions & 2 deletions helm/api-platform/templates/configmap.yaml
Expand Up @@ -19,12 +19,22 @@ data:
next-auth-url: "https://{{ (first .Values.ingress.hosts).host }}/api/auth"
pwa-client-id: {{ .Values.pwa.oidcClientId | quote }}
pwa-authorization-client-id: {{ .Values.php.oidcClientId | quote }}
{{- if .Values.keycloak.postgresql.enabled }}
keycloak-database-url: {{ printf "jdbc:postgresql://%s:%s/%s" .Release.Name .Values.keycloak.postgresql.global.postgresql.auth.database | b64enc | quote }}
{{- else }}
keycloak-database-url: {{ .Values.keycloak.postgresql.url | b64enc | quote }}
{{- end }}

---

{{- if .Values.keycloak.importRealm.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: keycloak-realm
name: {{ include "api-platform.fullname" . }}-keycloak-realm
labels:
{{- include "api-platform.labelsKeycloak" . | nindent 4 }}
data:
{{ (.Files.Glob "keycloak/config/*").AsConfig | indent 2 }}
realm.json: |
{{ (.Files.Glob .Values.keycloak.importRealm.path).AsConfig | indent 2 }}
{{- end }}
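Review bot: The new `keycloak-database-url` value has three `%s` verbs but only two arguments (`.Release.Name` and the database name), so the rendered URL ends in `%!s(MISSING)`; either pass the port as well (`printf "jdbc:postgresql://%s:%s/%s" <host> "5432" .Values.keycloak.postgresql.global.postgresql.auth.database`) or drop a verb. That value is also run through `b64enc`, but this is a ConfigMap `data` block where values are plain text (compare `next-auth-url` a few lines up), so the Deployment's `KC_DB_URL` would receive the base64 string verbatim — remove `b64enc` from both branches. The `realm.json: |` key wrapped around `(.Files.Glob …).AsConfig` on the next line is likewise suspect: `AsConfig` already emits a `<filename>: |-` entry per matched file, so the mounted `realm.json` would start with a second `realm.json: |-` header and no longer be valid JSON; use `{{ (.Files.Glob .Values.keycloak.importRealm.path).AsConfig | nindent 2 }}` alone, as the removed line did, or `{{ .Files.Get .Values.keycloak.importRealm.path | nindent 4 }}` under the explicit key. Which host the URL should name depends on whether the database is the in-pod sidecar from `keycloak-deployment.yaml` (reachable as `localhost`) or the CNPG cluster from `postgresql.yaml` (reachable through the `<cluster>-rw` service CNPG creates); a bare `.Release.Name` matches neither — confirm the intended topology.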
162 changes: 162 additions & 0 deletions helm/api-platform/templates/keycloak-deployment.yaml
@@ -0,0 +1,162 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "api-platform.fullname" . }}-keycloak
labels:
{{- include "api-platform.labelsKeycloak" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "api-platform.selectorLabelsKeycloak" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "api-platform.selectorLabelsKeycloak" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "api-platform.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}-keycloak
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.keycloak.image.repository }}:{{ .Values.keycloak.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.keycloak.image.pullPolicy }}
{{- if .Values.keycloak.importRealm.enabled }}
args: ['--import-realm']
volumeMounts:
- name: keycloak-realm
mountPath: /opt/keycloak/data/import
readOnly: true
{{- end }}
env:
- name: KC_PRODUCTION
value: "true"
- name: KC_HTTP_RELATIVE_PATH
value: "/oidc/"
- name: KC_HEALTH_ENABLED
value: "true"
- name: KC_METRICS_ENABLED
value: "true"
- name: KC_DB
value: "postgres"
- name: KC_DB_URL
valueFrom:
configMapKeyRef:
name: {{ include "api-platform.fullname" . }}
key: keycloak-database-url
- name: KC_DB_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "api-platform.fullname" . }}
key: keycloak-database-username
- name: KC_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "api-platform.fullname" . }}
key: keycloak-database-password
- name: KC_BOOTSTRAP_ADMIN_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "api-platform.fullname" . }}
key: keycloak-database-password
{{- if .Values.keycloak.auth.createAdminUser }}
- name: KC_BOOTSTRAP_ADMIN_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "api-platform.fullname" . }}
key: keycloak-admin-username
- name: KC_BOOTSTRAP_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "api-platform.fullname" . }}
key: keycloak-admin-password
{{- end }}
{{- toYaml .Values.keycloak.extraEnvVars | nindent 12 }}
ports:
- name: http
containerPort: 8080
protocol: TCP
- name: https
containerPort: 8443
protocol: TCP
- name: api
containerPort: 9000
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
resources:
{{- toYaml .Values.keycloak.resources | nindent 12 }}
{{- if .Values.keycloak.postgresql.enabled }}
- name: {{ .Chart.Name }}-keycloak-postgresql
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.keycloak.postgresql.image.repository }}:{{ .Values.keycloak.postgresql.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.keycloak.postgresql.image.pullPolicy | default "IfNotPresent" }}
env:
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: {{ include "api-platform.fullname" . }}
key: keycloak-database-name
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: {{ include "api-platform.fullname" . }}
key: keycloak-database-username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "api-platform.fullname" . }}
key: keycloak-database-password
{{- toYaml .Values.keycloak.postgresql.extraEnvVars | nindent 12 }}
ports:
- name: main
containerPort: 5432
protocol: UDP
livenessProbe:
httpGet:
path: /
port: main
readinessProbe:
httpGet:
path: /
port: main
resources:
{{- toYaml .Values.keycloak.postgresql.resources | nindent 12 }}
{{- end }}
{{- if .Values.keycloak.importRealm.enabled }}
volumes:
- name: keycloak-realm
configMap:
name: {{ include "api-platform.fullname" . }}-keycloak-realm
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
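Review bot: The first `KC_BOOTSTRAP_ADMIN_USERNAME` entry takes its value from the `keycloak-database-password` secret key, so the database password is injected as the admin user name (and surfaces wherever that name is logged or shown), and the same variable is then defined a second time inside the `createAdminUser` block — delete the first entry, which looks like a copy of the `KC_DB_PASSWORD` block above it. The PostgreSQL sidecar declares its 5432 port as `protocol: UDP` and is probed with `httpGet` on it; PostgreSQL does not speak HTTP, so the liveness probe fails continuously and the container restarts in a loop — use TCP and `tcpSocket` probes, and for Keycloak itself probe the health endpoints on the management port you already expose as `api` (9000) instead of `/` on 8080. `args: ['--import-realm']` carries no `start` subcommand while the image entrypoint is bare `kc.sh`, so unless the image supplies a default command the pod exits with usage output; `KC_PRODUCTION` is not an option I can find in Keycloak's configuration, and `start` is what selects production mode. Two smaller points: `toYaml .Values.keycloak.extraEnvVars | nindent 12` (and the postgresql equivalent) renders a literal `null` inside the `env` list when the value is unset, so wrap both in `{{- with … }}`, and a database container inside the Keycloak Deployment has no volume, meaning data is lost on every pod restart and each replica gets its own database — presumably acceptable only for a dev values file, which a comment on the `postgresql.enabled` branch should say.
```yaml
          {{- if .Values.keycloak.importRealm.enabled }}
          args: ['start', '--import-realm']
          # … unchanged: realm volumeMounts …
          {{- else }}
          args: ['start']
          {{- end }}
          # … unchanged: env (minus the first KC_BOOTSTRAP_ADMIN_USERNAME entry), ports …
          livenessProbe:
            httpGet:
              # management relative path presumably inherits KC_HTTP_RELATIVE_PATH — confirm
              path: /oidc/health/live
              port: api
          readinessProbe:
            httpGet:
              path: /oidc/health/ready
              port: api
          # … unchanged: resources, postgresql container image and env …
          ports:
            - name: main
              containerPort: 5432
              protocol: TCP
          livenessProbe:
            tcpSocket:
              port: main
          readinessProbe:
            tcpSocket:
              port: main
```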
37 changes: 37 additions & 0 deletions helm/api-platform/templates/postgresql.yaml
@@ -0,0 +1,37 @@
{{- if .Values.postgresql.enabled -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "api-platform.fullname" . }}-initdb
labels:
{{- include "api-platform.labels" . | nindent 4 }}
type: kubernetes.io/basic-auth
data:
username: {{ .Values.postgresql.global.postgresql.auth.username | b64enc }}
password: {{ .Values.postgresql.global.postgresql.auth.password | b64enc }}
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: {{ .Release.Name }}-postgresql
spec:
instances: 1
imageName: {{ .Values.postgresql.image.registry | default "ghcr.io" }}/{{ .Values.postgresql.image.repository | default "cloudnative-pg/postgresql" }}:{{ .Values.postgresql.image.tag | default "17" }}
superuserSecret:
name: {{ include "api-platform.fullname" . }}-initdb
bootstrap:
initdb:
database: {{ .Values.postgresql.global.postgresql.auth.database }}
owner: {{ .Values.postgresql.global.postgresql.auth.username }}
postInitSQL:
- {{ printf "ALTER USER %s CREATEDB;" .Values.postgresql.global.postgresql.auth.username | quote }}
secret:
name: {{ include "api-platform.fullname" . }}-initdb
managed:
services:
disabledDefaultServices: ["ro", "r"]
storage:
size: {{ .Values.postgresql.primary.persistence.size }}
resources:
{{- toYaml .Values.postgresql.primary.resources | nindent 4 }}
{{- end -}}
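Review bot: The same `-initdb` Secret is used both as `superuserSecret` and as `bootstrap.initdb.secret`, so the application owner and the `postgres` superuser share one password and the secret's `username` (the application user from values) is presented to CNPG as the superuser's; CNPG expects the superuser secret to name `postgres`, so confirm it accepts this, and prefer a separate superuser secret (or leaving `superuserSecret` unset so CNPG generates one) so the application role never holds superuser credentials. `postInitSQL` interpolates the username straight into `ALTER USER %s CREATEDB` — it comes from values rather than untrusted input, but a name with unusual characters would break the statement, and if `CREATEDB` is only needed for test databases it belongs in a dev values file. `instances: 1` is hard-coded while `storage.size` and `resources` come from values; `instances: {{ .Values.postgresql.instances | default 1 }}` would be consistent. An empty `password` in values yields an empty `b64enc` output and hence a null Secret field, so guard it: `password: {{ required "postgresql.global.postgresql.auth.password is required" .Values.postgresql.global.postgresql.auth.password | b64enc }}`.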