From d38f22f2628a8c4e83ca3185f54c6801c85abe5d Mon Sep 17 00:00:00 2001 From: Hendrik van Wyk Date: Wed, 4 Dec 2024 14:26:40 +0200 Subject: [PATCH] feature: Allow overriding the backend name and port in keycloakx chart This is useful for overriding the backend of certain paths to not go to Keycloak. One use case is when using aws-load-balancer-controller this can be used along with the "alb.ingress.kubernetes.io/actions.${action-name}" annotation to make in-realm metrics endpoints 404 instead of exposing them on the public internet. Signed-off-by: Hendrik van Wyk --- charts/keycloakx/README.md | 3 +++ charts/keycloakx/templates/ingress.yaml | 6 ++++++ charts/keycloakx/values.schema.json | 11 +++++++++++ 3 files changed, 20 insertions(+) diff --git a/charts/keycloakx/README.md b/charts/keycloakx/README.md index 00b06ca0..4542bdba 100644 --- a/charts/keycloakx/README.md +++ b/charts/keycloakx/README.md @@ -136,6 +136,9 @@ The following table lists the configurable parameters of the Keycloak-X chart an | `ingress.rules[0].paths` | Paths for the Ingress rule | see below | | `ingress.rules[0].paths[0].path` | Path for the Ingress rule | `/` | | `ingress.rules[0].paths[0].pathType` | Path Type for the Ingress rule | `Prefix` | +| `ingress.rules[0].paths[0].backendOverride` | Overrides for the backend section of the path. | null | +| `ingress.rules[0].paths[0].backendOverride.name` | Name of the backend service for this path | null | +| `ingress.rules[0].paths[0].backendOverride.port` | Port of the backend service for this path | null | | `ingress.servicePort` | The Service port targeted by the Ingress | `http` | | `ingress.annotations` | Ingress annotations | `{}` | | `ingress.ingressClassName` | The name of the Ingress Class associated with the ingress | `""` | diff --git a/charts/keycloakx/templates/ingress.yaml b/charts/keycloakx/templates/ingress.yaml index ccc94f7c..6ee437b5 100644 --- a/charts/keycloakx/templates/ingress.yaml +++ b/charts/keycloakx/templates/ingress.yaml @@ -43,9 +43,15 @@ spec: pathType: {{ .pathType }} backend: service: + {{- if .backendOverride }} + name: {{ .backendOverride.name }} + port: + name: {{ .backendOverride.port }} + {{ else }} name: {{ include "keycloak.fullname" $ }}-http port: name: {{ $ingress.servicePort }} + {{- end}} {{- end }} {{- end }} {{- if $ingress.console.enabled }} diff --git a/charts/keycloakx/values.schema.json b/charts/keycloakx/values.schema.json index 8b355b64..14e336fe 100644 --- a/charts/keycloakx/values.schema.json +++ b/charts/keycloakx/values.schema.json @@ -123,6 +123,17 @@ }, "pathType": { "type": "string" + }, + "backendOverride": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "port": { + "type": "string" + } + } } } }