From 4cc7dc0646de50045d79916f65547881167ebe72 Mon Sep 17 00:00:00 2001
From: "Casper V. Kristensen" <vk@magenta.dk>
Date: Wed, 28 Jun 2023 14:11:54 +0200
Subject: [PATCH] feat(keycloak builder): [#48311] template environment
 variables directly

Previously, environment variables were templated into a ConfigMap which
was referenced through an `envFrom` in the deployment. Unfortunately,
Kubernetes does not restart deployments on changes to their referenced
ConfigMaps[1], so this indirection means that deployments have to be
restarted manually every time a change is made - something that is very
easy to forget in an otherwise GitOpsy workflow.

[1] https://github.com/kubernetes/kubernetes/issues/22368
---
 os2mo/templates/keycloak/realm-builder-config.yaml | 14 --------------
 os2mo/templates/mo/deployment.yaml                 |  7 ++++---
 2 files changed, 4 insertions(+), 17 deletions(-)
 delete mode 100644 os2mo/templates/keycloak/realm-builder-config.yaml

diff --git a/os2mo/templates/keycloak/realm-builder-config.yaml b/os2mo/templates/keycloak/realm-builder-config.yaml
deleted file mode 100644
index 029034d..0000000
--- a/os2mo/templates/keycloak/realm-builder-config.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-# SPDX-FileCopyrightText: Magenta ApS
-#
-# SPDX-License-Identifier: MPL-2.0
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: keycloak-gen-config
-  {{- with .Values.annotations }}
-  annotations:
-  {{- toYaml . | nindent 4 }}
-  {{- end }}
-data:
-{{ toYaml .Values.keycloak.builder.environment | indent 2 }}
diff --git a/os2mo/templates/mo/deployment.yaml b/os2mo/templates/mo/deployment.yaml
index 8a9b826..140185e 100644
--- a/os2mo/templates/mo/deployment.yaml
+++ b/os2mo/templates/mo/deployment.yaml
@@ -235,9 +235,6 @@ spec:
 
         - name: keycloak-realm-builder
           image: "{{ .Values.keycloak.builder.image.registry }}/{{ .Values.keycloak.builder.image.repository }}:{{ .Values.keycloak.builder.image.tag }}"
-          envFrom:
-            - configMapRef:
-                name: keycloak-gen-config
           env:
             {{ include "os2mo.keycloak_terraform_db_connection" . | nindent 12 }}
             - name: TF_VAR_KEYCLOAK_ADMIN_USERNAME
@@ -262,6 +259,10 @@ spec:
                 secretKeyRef:
                   name: keycloak-dipex-secret
                   key: client_secret
+            {{- range $name, $value := .Values.keycloak.builder.environment }}
+            - name: {{ $name }}
+              value: {{ $value | quote }}
+            {{- end }}
           resources:
             {{- toYaml .Values.initContainers.resources | nindent 12 }}
       restartPolicy: Always