From 3786546ff9eb79cf2c336dd5ac0d31e5efd515b0 Mon Sep 17 00:00:00 2001 From: Laurent Broudoux Date: Thu, 6 Jun 2024 15:59:26 +0200 Subject: [PATCH] feat: #117 UPdating Keycloak, Postgres and MongoDB to latest possible versions Signed-off-by: Laurent Broudoux --- k8s/keycloak-config.yml | 11 +++++++++++ k8s/keycloak-postgres-deployment.yml | 20 +++++--------------- k8s/mongodb-config.yml | 15 +++++++++++++++ k8s/mongodb-deployment.yml | 20 ++++++++++++++++---- k8s/mongodb-secret.yml | 7 +++++-- roles/microcks/defaults/main.yml | 8 ++++---- roles/microcks/tasks/main.yml | 6 ++++++ 7 files changed, 62 insertions(+), 25 deletions(-) create mode 100644 k8s/mongodb-config.yml diff --git a/k8s/keycloak-config.yml b/k8s/keycloak-config.yml index d2db71d..8edfaab 100644 --- a/k8s/keycloak-config.yml +++ b/k8s/keycloak-config.yml @@ -204,5 +204,16 @@ data: ], "identityProviders": [ ], + "requiredActions": [ + { + "alias": "VERIFY_PROFILE", + "name": "Verify Profile", + "providerId": "VERIFY_PROFILE", + "enabled": false, + "defaultAction": false, + "priority": 90, + "config": {} + } + ], "keycloakVersion": "10.0.1" } diff --git a/k8s/keycloak-postgres-deployment.yml b/k8s/keycloak-postgres-deployment.yml index d00bb5e..306a10f 100644 --- a/k8s/keycloak-postgres-deployment.yml +++ b/k8s/keycloak-postgres-deployment.yml @@ -32,16 +32,11 @@ spec: container: keycloak-postgresql group: microcks spec: - {% if 'route.openshift.io' not in api_groups -%} - securityContext: - runAsUser: 26 - runAsGroup: 26 - fsGroup: 26 - {% endif -%} terminationGracePeriodSeconds: 60 containers: - name: keycloak-postgresql image: {{keycloak.postgres_image}} + args: ["-c", "max_connections=100", "-c", "shared_buffers=12MB"] imagePullPolicy: IfNotPresent ports: - containerPort: 5432 
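Review bot: In k8s/keycloak-postgres-deployment.yml (hunk -32,16) the pod-level `securityContext` is deleted rather than adapted, so on non-OpenShift clusters the pod no longer sets `runAsUser`, `runAsGroup` or `fsGroup`. The container then starts as whatever user the image defaults to; the official postgres image's entrypoint starts as root and only then switches to the postgres user, which is more privilege than the old template granted. UID 26 belonged to the centos image, so the block needs new values, not removal: keep the `{% if 'route.openshift.io' not in api_groups -%}` guard and set the three fields to the postgres UID/GID of the new image (70 for the alpine variant as far as I know; verify against the image). The container spec continues past the hunk, so a container-level securityContext may already exist there.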
@@ -54,30 +49,25 @@ spec: - "/bin/sh" - "-i" - "-c" - - psql 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} - -c 'SELECT 1' + - psql 127.0.0.1 -U ${POSTGRES_USER} -q -d ${POSTGRES_DB} -c 'SELECT 1' livenessProbe: timeoutSeconds: 1 initialDelaySeconds: 30 tcpSocket: port: 5432 env: - - name: POSTGRESQL_USER + - name: POSTGRES_USER valueFrom: secretKeyRef: key: postgresUsername name: "{{name}}-keycloak-admin" - - name: POSTGRESQL_PASSWORD + - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: key: postgresPassword name: "{{name}}-keycloak-admin" - - name: POSTGRESQL_DATABASE + - name: POSTGRES_DB value: root - - name: POSTGRESQL_MAX_CONNECTIONS - value: '100' - - name: POSTGRESQL_SHARED_BUFFERS - value: 12MB volumeMounts: - name: "{{name}}-keycloak-postgresql-data" mountPath: "/var/lib/pgsql/data" diff --git a/k8s/mongodb-config.yml b/k8s/mongodb-config.yml new file mode 100644 index 0000000..89b5b42 --- /dev/null +++ b/k8s/mongodb-config.yml @@ -0,0 +1,15 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: "{{name}}-mongodb-init" + namespace: '{{ meta.namespace }}' + labels: + app: "{{name}}" + container: mongodb + group: microcks +data: + create-user.sh: |- + #!/bin/bash + echo "Started Adding the Users..." + mongo admin --eval "db.getSiblingDB('${MONGO_INITDB_DATABASE}').createUser({user: '${MONGODB_USER}', pwd: '${MONGODB_PASSWORD}', roles: [{role: 'readWrite', db: '${MONGO_INITDB_DATABASE}'}]})" + echo "End Adding the User Roles." \ No newline at end of file diff --git a/k8s/mongodb-deployment.yml b/k8s/mongodb-deployment.yml index 48ab4f7..7e0dd02 100644 --- a/k8s/mongodb-deployment.yml +++ b/k8s/mongodb-deployment.yml @@ -42,6 +42,7 @@ spec: containers: - name: mongodb image: {{mongodb.image}} + args: ["--dbpath","/var/lib/mongodb/data"] ports: - containerPort: 27017 protocol: TCP 
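Review bot: The data volume in k8s/keycloak-postgres-deployment.yml is still mounted at `/var/lib/pgsql/data` (context line closing the -54,30 hunk), and nothing in the new env block points the new image at that path. That was the centos image's data directory; the official postgres image initialises its cluster under `/var/lib/postgresql/data` unless `PGDATA` is set. The Keycloak database would therefore be written outside the persistent volume, and realm users and credentials would be lost when the pod is rescheduled. Add `- name: PGDATA` with `value: /var/lib/pgsql/data/pgdata` to the env list, or change the `mountPath`. A volume written by PostgreSQL 9.5 cannot be opened by 16 in either case, so an upgrade note about dump and restore would help.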
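Review bot: `create-user.sh` in the new k8s/mongodb-config.yml splices `${MONGODB_USER}` and `${MONGODB_PASSWORD}` into single-quoted JavaScript literals inside a double-quoted `--eval` string, so a value containing `'` or `\` changes the JavaScript that runs against the admin database during initialisation. The generated defaults are letters only, but `mongodb.username` and `mongodb.password` can be set by the operator and nothing here restricts them. The expanded password is also part of the `mongo` command line, so it is visible in the process list while the script runs. Feeding the statement to `mongo` on stdin or from a file and validating or escaping the two values would address both points; at minimum document the allowed characters next to `mongodb.password`.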
@@ -56,12 +57,17 @@ spec: secretKeyRef: key: password name: "{{name}}-mongodb-connection" - - name: MONGODB_ADMIN_PASSWORD + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + key: adminUsername + name: "{{name}}-mongodb-connection" + - name: MONGO_INITDB_ROOT_PASSWORD valueFrom: secretKeyRef: key: adminPassword name: "{{name}}-mongodb-connection" - - name: MONGODB_DATABASE + - name: MONGO_INITDB_DATABASE value: "{{name}}" resources: {{ mongodb.resources | to_nice_yaml(indent=10) | trim | indent(10) }} @@ -73,7 +79,7 @@ spec: - "/bin/sh" - "-i" - "-c" - - mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD + - mongo 127.0.0.1:27017/$MONGO_INITDB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval="quit()" livenessProbe: timeoutSeconds: 1 @@ -83,6 +89,8 @@ spec: volumeMounts: - name: "{{name}}-mongodb-data" mountPath: "/var/lib/mongodb/data" + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d terminationMessagePath: "/dev/termination-log" imagePullPolicy: IfNotPresent securityContext: @@ -96,4 +104,8 @@ spec: claimName: "{{name}}-mongodb" {% else %}emptyDir: medium: '' - {% endif %} \ No newline at end of file + {% endif %} + + - name: custom-init-scripts + configMap: + name: "{{name}}-mongodb-init" \ No newline at end of file diff --git a/k8s/mongodb-secret.yml b/k8s/mongodb-secret.yml index 0b3abf1..327cea7 100644 --- a/k8s/mongodb-secret.yml +++ b/k8s/mongodb-secret.yml 
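Review bot: The readiness probe line changed in the -73,7 hunk of k8s/mongodb-deployment.yml still expands `$MONGODB_USER` and `$MONGODB_PASSWORD` unquoted, so an operator-supplied password containing spaces or glob characters is word-split and the probe fails while the database is healthy. Quote the expansions: `- mongo "127.0.0.1:27017/$MONGO_INITDB_DATABASE" -u "$MONGODB_USER" -p "$MONGODB_PASSWORD"`. Even quoted, the password is passed as a command-line argument on every probe run and is readable from the process list inside the container, which deserves a comment above the probe if it is accepted as is.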
@@ -12,9 +12,12 @@ stringData: {% if 'username' in mongodb %}username: '{{mongodb.username}}' {% else %}username: user{{ lookup('password', '/dev/null length=5 chars=ascii_letters') }} {% endif %} + data: {% if 'password' in mongodb %}password: {{ mongodb.password | b64encode | quote }} - {% else %}password: {{ lookup('password', '/dev/null length=32 chars=ascii_letters') | b64encode | quote }} + {% else %}password: {{ lookup('password', '/dev/null length=32 chars=ascii_letters') | b64encode | quote }} + {% endif %}{% if 'adminUsername' in mongodb %}adminUsername: {{ mongodb.adminUsername | b64encode | quote }} + {% else %}adminUsername: {{ lookup('password', '/dev/null length=16 chars=ascii_letters') | b64encode | quote }} {% endif %}{% if 'adminPassword' in mongodb %}adminPassword: {{ mongodb.adminPassword | b64encode | quote }} - {% else %}adminPassword: {{ lookup('password', '/dev/null length=32 chars=ascii_letters') | b64encode | quote }} + {% else %}adminPassword: {{ lookup('password', '/dev/null length=32 chars=ascii_letters') | b64encode | quote }} {% endif %} diff --git a/roles/microcks/defaults/main.yml b/roles/microcks/defaults/main.yml index 532e9c6..0ec2399 100644 --- a/roles/microcks/defaults/main.yml +++ b/roles/microcks/defaults/main.yml @@ -1,7 +1,7 @@ --- # defaults specification file for microcks installation name: microcks -version: 1.7.0 +version: 1.9.1 microcks: replicas: 1 #url: microcks.192.168.99.100.nip.io @@ -56,7 +56,7 @@ postman: keycloak: install: true realm: microcks - image: keycloak/keycloak:22.0.3 + image: keycloak/keycloak:24.0.4 # Now that we switched to newer version of Keycloak-X, url must include the # '/auth' path if you use an older external Keycloak instance. #url: keycloak.192.168.99.100.nip.io @@ -81,7 +81,7 @@ keycloak: persistent: true volume_size: 1Gi #storage_class_name: my-awesome-class - postgres_image: centos/postgresql-95-centos7:latest + postgres_image: library/postgres:16.3-alpine openshift: route: enabled: true 
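Review bot: The fallback `adminUsername` added in k8s/mongodb-secret.yml comes from `lookup('password', '/dev/null length=16 chars=ascii_letters')`, which returns a new value on every render because nothing is persisted to `/dev/null`. The deployment in this commit passes the value as `MONGO_INITDB_ROOT_USERNAME`, which the mongo image applies only when it initialises an empty data directory. If this Secret is ever re-applied (the task that applies it is outside this diff), the stored root username and password would no longer match the database. A fixed default for the username, or a comment in the defaults file telling operators to set `mongodb.adminUsername` and `mongodb.adminPassword` for persistent installs, would avoid that drift.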
@@ -111,7 +111,7 @@ mongodb: persistent: true volume_size: 2Gi #storage_class_name: my-awesome-class - image: centos/mongodb-36-centos7:latest + image: library/mongo:4.4.29 resources: #requests: #cpu: 250m diff --git a/roles/microcks/tasks/main.yml b/roles/microcks/tasks/main.yml index a49e313..1194b49 100644 --- a/roles/microcks/tasks/main.yml +++ b/roles/microcks/tasks/main.yml @@ -41,6 +41,12 @@ force: False definition: "{{ lookup('template', 'mongodb-pvc.yml') | from_yaml }}" +- name: The MongoDB ConfigMap is present if mongodb.install == true + when: mongodb.install|bool + k8s: + state: "{{ 'present' if mongodb.install|bool else 'absent' }}" + definition: "{{ lookup('template', 'mongodb-config.yml') | from_yaml }}" + - name: The MongoDB Deployment is present if mongodb.install == true when: mongodb.install|bool k8s:
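Review bot: The new default `image: library/mongo:4.4.29` in roles/microcks/defaults/main.yml (hunk -111,7) pins a release series that, as far as I know, upstream declared end-of-life in February 2024, so a default install will not receive further security fixes. The readiness probe and `create-user.sh` in this commit call the legacy `mongo` shell, which is presumably what holds the version back. A comment above the line recording why 4.4 was chosen, and that the probe and init script must move to `mongosh` before a bump, would keep the constraint visible. The tag could also be pinned by digest.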
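Review bot: In the added ConfigMap task (roles/microcks/tasks/main.yml, hunk -41,6) the `absent` branch of `state` is unreachable, because `when: mongodb.install|bool` skips the task whenever the condition is false. As a result `{{name}}-mongodb-init` is never removed once it has been created. Either write `state: present`, or drop the `when` so the expression can delete the ConfigMap. The Deployment task that follows uses the same `when` and is cut off by the hunk, so the pattern may be deliberate across the file.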