feat(keycloak builder): [#48311] template environment variables directly

Previously, environment variables were templated into a ConfigMap which was referenced through an `envFrom` in the deployment. Unfortunately, Kubernetes does not restart deployments on changes to their referenced ConfigMaps[1], so this indirection means that deployments have to be restarted manually every time a change is made - something that is very easy to forget in an otherwise GitOpsy workflow. [1] kubernetes/kubernetes#22368
OS2mo · Jun 28, 2023 · 4cc7dc0 · 4cc7dc0
1 parent d010734
commit 4cc7dc0
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 17 deletions.
diff --git a/os2mo/templates/keycloak/realm-builder-config.yaml b/os2mo/templates/keycloak/realm-builder-config.yaml
diff --git a/os2mo/templates/mo/deployment.yaml b/os2mo/templates/mo/deployment.yaml
@@ -235,9 +235,6 @@ spec:
 
         - name: keycloak-realm-builder
           image: "{{ .Values.keycloak.builder.image.registry }}/{{ .Values.keycloak.builder.image.repository }}:{{ .Values.keycloak.builder.image.tag }}"
-          envFrom:
-            - configMapRef:
-                name: keycloak-gen-config
           env:
             {{ include "os2mo.keycloak_terraform_db_connection" . | nindent 12 }}
             - name: TF_VAR_KEYCLOAK_ADMIN_USERNAME
@@ -262,6 +259,10 @@ spec:
                 secretKeyRef:
                   name: keycloak-dipex-secret
                   key: client_secret
+            {{- range $name, $value := .Values.keycloak.builder.environment }}
+            - name: {{ $name }}
+              value: {{ $value | quote }}
+            {{- end }}
           resources:
             {{- toYaml .Values.initContainers.resources | nindent 12 }}
       restartPolicy: Always