Introduction of Red Hat Build of Keycloak

Signed-off-by: Andrew Block <andy.block@gmail.com>

Author: sabre1041

charts/keycloak-operator/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/keycloak-operator/Chart.yaml

@@ -0,0 +1,27 @@
+annotations:
+  artifacthub.io/category: integration-delivery
+  artifacthub.io/license: Apache-2.0
+  artifacthub.io/links: |
+    - name: support
+      url: https://github.com/securesign/sigstore-ocp/issues
+    - name: Chart Source
+      url: https://github.com/securesign/sigstore-ocp
+    - name: Default Image Source
+      url: ""
+  charts.openshift.io/name: KeycloakOperator
+  charts.openshift.io/provider: TrustedArtifactSigner
+  charts.openshift.io/supportURL: https://github.com/securesign/sigstore-ocp/issues
+apiVersion: v2
+name: keycloak-operator
+description: A Helm chart for deploying the Keycloak Operator Using the Operator Lifecycle Manager (OLM)
+type: application
+keywords:
+  - operator
+  - keycloak
+kubeVersion: ">= 1.19.0-0"
+maintainers:
+  - name: TrustedArtifactSigner
+    url: ""
+sources:
+  - https://github.com/securesign/sigstore-ocp
+version: 0.1.0

charts/keycloak-operator/templates/_helpers.tpl

@@ -0,0 +1,59 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "keycloak-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "keycloak-operator.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the chart namespace.
+*/}}
+{{- define "keycloak-operator.namespace" -}}
+{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "keycloak-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "keycloak-operator.labels" -}}
+helm.sh/chart: {{ include "keycloak-operator.chart" . }}
+{{ include "keycloak-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "keycloak-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "keycloak-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/keycloak-operator/templates/operatorgroup.yaml

@@ -0,0 +1,20 @@
+{{- if .Values.operatorgroup.create }}
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: {{ include "keycloak-operator.fullname" . }}
+  generateName: {{ include "keycloak-operator.fullname" . }}-
+  namespace: {{ include "keycloak-operator.namespace" . }}
+  labels:
+    {{- include "keycloak-operator.labels" . | nindent 4 }}
+  {{- if .Values.operatorgroup.annotations }}
+  annotations:
+    {{- tpl (toYaml .Values.operatorgroup.annotations) $ | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if not .Values.operatorgroup.allNamespaces }}
+  targetNamespaces:
+    {{ tpl (toYaml (list (include "keycloak-operator.namespace" .))) $ }}
+  {{- end }}
+  upgradeStrategy: {{ tpl .Values.operatorgroup.upgradeStrategy $ }}
+{{- end }}

charts/keycloak-operator/templates/subscription.yaml

@@ -0,0 +1,21 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: {{ include "keycloak-operator.fullname" . }}
+  namespace: {{ default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" }}
+  labels:
+    {{- include "keycloak-operator.labels" . | nindent 4 }}
+  {{- if .Values.subscription.annotations }}
+  annotations:
+    {{- tpl (toYaml .Values.subscription.annotations) $ | nindent 4 }}
+  {{- end }}
+spec:
+  channel: {{ required "Operator channel is required!" .Values.subscription.channel }}
+  installPlanApproval: {{ default "Automatic" .Values.subscription.installPlanApproval }}
+  name: {{ required "Operator name is required!" .Values.subscription.name }}
+  source: {{ required "Operator source is required!" .Values.subscription.source }}
+  sourceNamespace: {{ required "Operator source namespace is required!" .Values.subscription.sourceNamespace }}
+{{- if .Values.subscription.config }}
+  config:
+  {{- tpl (toYaml .Values.subscription.config) $ | nindent 4 }}
+{{- end }}

charts/keycloak-operator/values.yaml

@@ -0,0 +1,16 @@
+---
+
+subscription:
+  channel: "stable-v22"
+  installPlanApproval: Automatic
+  name: "rhbk-operator"
+  source: "redhat-operators"
+  sourceNamespace: "openshift-marketplace"
+  config: {}
+
+operatorgroup:
+  create: true
+  allNamespaces: false
+  upgradeStrategy: Default
+
+namespaceOverride: ""

charts/keycloak/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/keycloak/Chart.yaml

@@ -0,0 +1,28 @@
+annotations:
+  artifacthub.io/category: integration-delivery
+  artifacthub.io/license: Apache-2.0
+  artifacthub.io/links: |
+    - name: support
+      url: https://github.com/securesign/sigstore-ocp/issues
+    - name: Chart Source
+      url: https://github.com/securesign/sigstore-ocp
+    - name: Default Image Source
+      url: ""
+  charts.openshift.io/name: Keycloak
+  charts.openshift.io/provider: TrustedArtifactSigner
+  charts.openshift.io/supportURL: https://github.com/securesign/sigstore-ocp/issues
+apiVersion: v2
+name: keycloak
+description: A Helm chart for deploying the Keycloak
+type: application
+keywords:
+  - sso
+  - keycloak
+  - identity
+kubeVersion: ">= 1.19.0-0"
+maintainers:
+  - name: TrustedArtifactSigner
+    url: ""
+sources:
+  - https://github.com/securesign/sigstore-ocp
+version: 0.1.0

charts/keycloak/templates/_helpers.tpl

@@ -0,0 +1,141 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "keycloak.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "keycloak.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the chart namespace.
+*/}}
+{{- define "keycloak.namespace" -}}
+{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "keycloak.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "keycloak.labels" -}}
+helm.sh/chart: {{ include "keycloak.chart" . }}
+{{ include "keycloak.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Common PostgreSQL labels
+*/}}
+{{- define "keycloak.postgresql.labels" -}}
+helm.sh/chart: {{ include "keycloak.chart" . }}
+{{ include "keycloak.postgresql.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "keycloak.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "keycloak.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "keycloak.postgresql.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "keycloak.postgresql.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "keycloak.serviceAccountName" -}}
+{{- if .serviceAccount.create }}
+{{- default .name .serviceAccount.name }}
+{{- else }}
+{{- default "default" .serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the image path for the passed in image field
+*/}}
+{{- define "keycloak.image" -}}
+{{- if eq (substr 0 7 .version) "sha256:" -}}
+{{- printf "%s/%s@%s" .registry .repository .version -}}
+{{- else -}}
+{{- printf "%s/%s:%s" .registry .repository .version -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Name of the PostgreSQL instance
+*/}}
+{{- define "keycloak.postgresql.name" -}}
+{{- (printf "%s-%s" (include "keycloak.name" $) "postgresql") | trunc 63 | trimSuffix "-" -}}
+{{- end }}
+
+{{/*
+Full Name of the PostgreSQL instance
+*/}}
+{{- define "keycloak.postgresql.fullname" -}}
+{{- (printf "%s-%s" (include "keycloak.fullname" $) "postgresql") | trunc 63 | trimSuffix "-" -}}
+{{- end }}
+
+{{/*
+Name of the PostgreSQL Secret
+*/}}
+{{- define "keycloak.postgresql.secret.name" -}}
+{{ default (include "keycloak.postgresql.fullname" .) (.Values.postgresql.secret.existingSecret) }}
+{{- end }}
+
+{{/*
+Name of the Keycloak Service
+*/}}
+{{- define "keycloak.service.name" -}}
+{{ .Values.openshift | ternary (printf "%s-trusted" (include "keycloak.fullname" .))  (include "keycloak.fullname" .)  }}
+{{- end }}
+
+{{/*
+Name of the TLS Secret
+*/}}
+{{- define "keycloak.tls.secret.name" -}}
+{{- $defaultTls := printf "%s-tls" (include "keycloak.fullname" .)  }}
+{{- if .Values.openshift -}}
+{{- default $defaultTls .Values.keycloak.tls.secret -}}
+{{- else -}}
+{{ len .Values.keycloak.tls.secret }}
+{{- end }}
+{{- end }}