From 7882946b891295e9f6083ebb348e95075177cb61 Mon Sep 17 00:00:00 2001 From: Edwin Steiner Date: Wed, 17 Apr 2024 10:15:58 +0200 Subject: [PATCH] Module `helm` added for Kubernetes deployments. --- .gitignore | 3 + README.md | 1 + helm/pom.xml | 75 +++++++++++++++++++ .../keycloak-custom-chart/Chart.yaml | 8 ++ .../keycloak-custom-chart/values.yaml | 71 ++++++++++++++++++ helm/src/main/resources/Chart.yaml | 8 ++ helm/src/main/resources/values.yaml | 71 ++++++++++++++++++ pom.xml | 55 ++++++++++++-- 8 files changed, 284 insertions(+), 8 deletions(-) create mode 100644 helm/pom.xml create mode 100644 helm/src/generated/keycloak-custom-chart/Chart.yaml create mode 100644 helm/src/generated/keycloak-custom-chart/values.yaml create mode 100644 helm/src/main/resources/Chart.yaml create mode 100644 helm/src/main/resources/values.yaml diff --git a/.gitignore b/.gitignore index 43fbbb4..9336078 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,6 @@ release.properties # Postgres data /docker-compose/postgres/volume/ + +Chart.lock +helm/src/generated/**/*.tgz \ No newline at end of file diff --git a/README.md b/README.md index f4acf5d..50c61d3 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,7 @@ This project is based on the [custom Keycloak template](https://github.com/inven - `container`: creates the custom docker image - `docker-compose`: provides a sample for launching the custom docker image - `extensions`: provides samples for Keycloak SPI implementations +- `helm`: provides a sample for installing the custom container image in Kubernetes using the Codecentric Helm Chart - `server`: provides a Keycloak installation for local development & testing - `themes`: provides samples for custom themes diff --git a/helm/pom.xml b/helm/pom.xml new file mode 100644 index 0000000..9e9f9d9 --- /dev/null +++ b/helm/pom.xml 
@@ -0,0 +1,75 @@ + + + 4.0.0 + + + parent + com.inventage.keycloak.custom + 1.0.0-SNAPSHOT + + + helm + helm + + + ${project.basedir}/src/generated/keycloak-custom-chart + + + docker-registry.inventage.com:10121 + + + + + + maven-resources-plugin + + + with-substitution + + copy-resources + + generate-resources + + ${chart.directory} + + + src/main/resources + true + + + + + + + + + io.kokuwa.maven + helm-maven-plugin + + + ${project.build.directory}/**/charts/**/charts/portal-lib + + ${chart.directory} + + + + default-cli + + false + false + keycloak-custom + + + ${chart.directory}/values.yaml + + + + + + + + + + \ No newline at end of file diff --git a/helm/src/generated/keycloak-custom-chart/Chart.yaml b/helm/src/generated/keycloak-custom-chart/Chart.yaml new file mode 100644 index 0000000..a9998e1 --- /dev/null +++ b/helm/src/generated/keycloak-custom-chart/Chart.yaml @@ -0,0 +1,8 @@ +name: keycloak-custom-chart +version: 1.0.0-SNAPSHOT +apiVersion: v2 + +dependencies: + - name: keycloakx + version: 2.3.0 + repository: "https://codecentric.github.io/helm-charts" diff --git a/helm/src/generated/keycloak-custom-chart/values.yaml b/helm/src/generated/keycloak-custom-chart/values.yaml new file mode 100644 index 0000000..9a37187 --- /dev/null +++ b/helm/src/generated/keycloak-custom-chart/values.yaml 
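Review bot: The resources execution copies the filtered chart into `${project.basedir}/src/generated/keycloak-custom-chart`, which is inside the tracked source tree, so each build rewrites committed files with whatever registry host and version that build resolves. Writing the output under `${project.build.directory}` instead would keep resolved internal hostnames and the sample credentials from values.yaml out of version control; the root pom.xml in this commit already points a plugin setting at `${project.basedir}/helm/target/chart`. The exclusion path ending in `charts/portal-lib` matches nothing this chart declares and looks carried over from another project, so either drop it or add a comment saying what it guards against. The XML markup is not visible in this view, so the element names behind these values are inferred.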
@@ -0,0 +1,71 @@ +keycloakx: + # This is an example configuration, for production grade configuration see the Keycloak documentation. + # See https://www.keycloak.org/server/configuration + # See https://www.keycloak.org/server/all-config + command: + - "/opt/keycloak/bin/kc-with-setup.sh" + - "--verbose" + - "start" + - "--http-enabled=true" + - "--http-port=8080" + - "--hostname-strict=false" + - "--hostname-strict-https=false" + - "--spi-events-listener-jboss-logging-success-level=info" + - "--spi-events-listener-jboss-logging-error-level=warn" + + image: + # The custom image repository + repository: docker-registry.inventage.com:10094/com.inventage.keycloak.custom.container + # Overrides the Keycloak image tag whose default is the chart appVersion + tag: 1.0.0-SNAPSHOT + + http: + relativePath: "/" + + extraEnv: | + - name: KEYCLOAK_ADMIN + valueFrom: + secretKeyRef: + name: {{ include "keycloak.fullname" . }}-admin-creds + key: user + - name: KEYCLOAK_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "keycloak.fullname" . }}-admin-creds + key: password + - name: JAVA_OPTS_APPEND + value: >- + -Djava.awt.headless=true + -Djgroups.dns.query={{ include "keycloak.fullname" . }}-headless + + dbchecker: + enabled: true + + database: + vendor: postgres + hostname: postgres-postgresql + port: 5432 + username: keycloak + password: keycloak + database: keycloak + + secrets: + admin-creds: + annotations: + my-test-annotation: Test secret for {{ include "keycloak.fullname" . }} + stringData: + user: admin + password: secret + + securityContext: + # See https://github.com/keycloak/keycloak/issues/11286 + # readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + + serviceAccount: + automountServiceAccountToken: "false" + imagePullSecrets: + - name: keycloak-custom diff --git a/helm/src/main/resources/Chart.yaml b/helm/src/main/resources/Chart.yaml new file mode 100644 index 0000000..6631c20 --- /dev/null 
+++ b/helm/src/main/resources/Chart.yaml @@ -0,0 +1,8 @@ +name: keycloak-custom-chart +version: ${project.version} +apiVersion: v2 + +dependencies: + - name: keycloakx + version: 2.3.0 + repository: "https://codecentric.github.io/helm-charts" diff --git a/helm/src/main/resources/values.yaml b/helm/src/main/resources/values.yaml new file mode 100644 index 0000000..47bbf60 --- /dev/null +++ b/helm/src/main/resources/values.yaml 
@@ -0,0 +1,71 @@ +keycloakx: + # This is an example configuration, for production grade configuration see the Keycloak documentation. + # See https://www.keycloak.org/server/configuration + # See https://www.keycloak.org/server/all-config + command: + - "/opt/keycloak/bin/kc-with-setup.sh" + - "--verbose" + - "start" + - "--http-enabled=true" + - "--http-port=8080" + - "--hostname-strict=false" + - "--hostname-strict-https=false" + - "--spi-events-listener-jboss-logging-success-level=info" + - "--spi-events-listener-jboss-logging-error-level=warn" + + image: + # The custom image repository + repository: ${docker.registry}${docker.image.name} + # Overrides the Keycloak image tag whose default is the chart appVersion + tag: ${project.version} + + http: + relativePath: "/" + + extraEnv: | + - name: KEYCLOAK_ADMIN + valueFrom: + secretKeyRef: + name: {{ include "keycloak.fullname" . }}-admin-creds + key: user + - name: KEYCLOAK_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "keycloak.fullname" . }}-admin-creds + key: password + - name: JAVA_OPTS_APPEND + value: >- + -Djava.awt.headless=true + -Djgroups.dns.query={{ include "keycloak.fullname" . }}-headless + + dbchecker: + enabled: true + + database: + vendor: postgres + hostname: postgres-postgresql + port: 5432 + username: keycloak + password: keycloak + database: keycloak + + secrets: + admin-creds: + annotations: + my-test-annotation: Test secret for {{ include "keycloak.fullname" . }} + stringData: + user: admin + password: secret + + securityContext: + # See https://github.com/keycloak/keycloak/issues/11286 + # readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + + serviceAccount: + automountServiceAccountToken: "false" + imagePullSecrets: + - name: keycloak-custom diff --git a/pom.xml b/pom.xml index 780bc9d..9134e06 100644 --- a/pom.xml +++ b/pom.xml @@ -16,6 +16,7 @@ themes container docker-compose + helm 
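Review bot: The defaults under `secrets.admin-creds.stringData` (`user: admin`, `password: secret`) and `database.password: keycloak` put working credentials into the chart's values, so any install that does not override them starts an identity provider with a publicly known admin login. The header comment calls this an example, but the root pom.xml in this commit also packages and pushes the chart, so these defaults are what consumers receive. I would leave the secret values unset with a comment such as `# supply at install time (--set-file or a pre-created Secret); never commit real values`, and point the database at an existing Secret if the keycloakx chart version in use offers that option. The same literals are committed a second time in helm/src/generated/keycloak-custom-chart/values.yaml. Separately, `--hostname-strict=false` together with `--http-enabled=true` under `start` deserves a comment stating that TLS termination and a fixed hostname are expected from the ingress in front of the pod.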
@@ -26,7 +27,7 @@ ../../server/${keycloak.dir}/providers ../server/${keycloak.dir}/themes docker-registry.inventage.com:10094/ - ${project.groupId}.${project.artifactId} + com.inventage.keycloak.custom.container ${project.build.outputDirectory} true override @@ -82,13 +83,6 @@ ${testcontainers-keycloak.version} test - - - org.junit.jupiter - junit-jupiter-engine - ${junit-jupiter-engine.version} - test - org.testcontainers junit-jupiter @@ -234,6 +228,51 @@ + + + io.kokuwa.maven + helm-maven-plugin + 6.13.0 + true + + ${project.version} + ${project.basedir}/helm/target/chart + false + true + false + true + + ghcr + ghcr.io/keycloak-competence-center + NEXUS + ${env.GITHUB_ACTOR} + ${env.GITHUB_TOKEN} + + + ghcr + ghcr.io/keycloak-competence-center + NEXUS + ${env.GITHUB_ACTOR} + ${env.GITHUB_TOKEN} + + + + + default-upload + none + + + upload + + init + lint + package + push + + deploy + + +
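Review bot: The registry credentials are interpolated into the plugin configuration as `${env.GITHUB_ACTOR}` and `${env.GITHUB_TOKEN}`, in both repository entries of the last hunk (`@@ -234,6 +228,51 @@`). Values resolved this way become part of the effective POM, so they can surface in `mvn help:effective-pom` output or in debug logs (`-X`) on a CI runner, and when the variables are unset the literal placeholder is passed on instead of the build failing early. Prefer a `<server>` entry in settings.xml whose id matches the repository name `ghcr`, if the plugin version in use supports that lookup, so the token stays out of the POM. The repository type is given as `NEXUS` while the URL `ghcr.io/keycloak-competence-center` is an OCI registry, so a comment should state why that combination is intended. Whatever token is used for the push should be scoped to package write only.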