bitnami / charts

[bitnami/keycloak] Support deploying keycloak config CLI configuration in secrets rather than in configMaps. #27493

Open orendain opened 1 week ago

orendain commented 1 week ago

Name and Version

bitnami/keycloak 21.4.4

What is the problem this feature will solve?

Specifying configuration in keycloakConfigCli.configuration will store that configuration in a configMap. Alternatively, users can have configuration be read from their own configMap by specifying keycloakConfigCli.existingConfigmap.

However, it's often the case that config contains sensitive information. In these cases, it's a security risk to have that data sitting in a configmap.

What is the feature you are proposing to solve the problem?

Support storing Keycloak Config CLI configuration in a Kubernetes Secret. Alternatively, support a secret-equivalent field to keycloakConfigCli.existingConfigmap (i.e., keycloakConfigCli.existingSecret).

What alternatives have you considered?

In the meantime, my workaround is to mount an existing secret as a custom volume and manually specify the import path.

For example:

  extraVolumes:
    - name: keycloak-cli-config
      secret:
        secretName: my-existing-secret-name
  extraVolumeMounts:
    - name: keycloak-cli-config
      mountPath: /config
  extraEnvVars:
    - name: IMPORT_FILES_LOCATIONS
      value: /config/*

For anyone facing a similar need, the above should suffice. However, note that one should be careful mixing this workaround with use of keycloakConfigCli.configuration or keycloakConfigCli.existingConfigmap.
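
To find which ConfigMaps already hold Keycloak Config CLI realm files with embedded credentials, the following check can be run over exported manifests. It is an added example, not part of the original issue or of the Bitnami chart; the key list, the function names and the sample objects are assumptions made for illustration.

```python
import json

# Realm-file keys that usually carry credentials (assumed list; extend as needed).
SENSITIVE_KEYS = {"secret", "password", "clientSecret"}

def find_sensitive(node, path=""):
    """Yield JSON paths where a sensitive key holds a non-empty string."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            is_cred = key in SENSITIVE_KEYS or (key == "value" and "credentials[" in path)
            if is_cred and isinstance(value, str) and value:
                yield here
            else:
                yield from find_sensitive(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_sensitive(item, f"{path}[{i}]")

def audit_configmaps(manifest_json):
    """Map 'namespace/name' -> {data key: [paths]} for ConfigMaps embedding credentials."""
    doc = json.loads(manifest_json)
    items = doc["items"] if doc.get("kind") == "List" else [doc]
    findings = {}
    for obj in items:
        if obj.get("kind") != "ConfigMap":
            continue  # Secrets and other kinds are not reported
        meta = obj.get("metadata", {})
        ident = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        for data_key, text in (obj.get("data") or {}).items():
            try:
                hits = sorted(find_sensitive(json.loads(text)))
            except ValueError:
                continue  # not JSON (for example a YAML realm file); skipped here
            if hits:
                findings.setdefault(ident, {})[data_key] = hits
    return findings

# Constructed sample in the shape of `kubectl get configmap,secret -o json` output.
REALM = {"realm": "demo",
         "smtpServer": {"host": "smtp.example.test", "password": "constructed-pw"},
         "clients": [{"clientId": "app", "secret": "constructed-client-secret"}]}
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "ConfigMap", "metadata": {"name": "keycloak-cli-cm", "namespace": "iam"},
     "data": {"realm.json": json.dumps(REALM)}},
    {"kind": "Secret", "metadata": {"name": "my-existing-secret-name", "namespace": "iam"}},
]})
if __name__ == "__main__":
    print(json.dumps(audit_configmaps(SAMPLE), indent=2))
```

Only JSON realm files are parsed; the report lists paths, never the credential values themselves.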

javsalgar commented 1 week ago

Hi!

Thank you so much for reporting! I will forward this to the team but as it is not a critical feature we cannot guarantee an ETA. If you want to speed up the process, you can submit a PR and the team will check it.