kanidm: fix probes and use 443 port by default

ace 2025-04-11 16:01:20 +03:00
parent 0d91f6f91d
commit 399eae0f1a
Signed by: ace
GPG Key ID: 49AC1F8C597F4B59
3 changed files with 17 additions and 9 deletions


@ -10,7 +10,7 @@ data:
# If the port is set to 443 you may require the # If the port is set to 443 you may require the
# NET_BIND_SERVICE capability. # NET_BIND_SERVICE capability.
# Defaults to "127.0.0.1:8443" # Defaults to "127.0.0.1:8443"
bindaddress = "{{ .Values.kanidm.bindaddress }}" bindaddress = "{{ tpl .Values.kanidm.bindaddress $ }}"
# #
{{- if .Values.kanidmLdap.enabled }} {{- if .Values.kanidmLdap.enabled }}
# The read-only ldap server bind address. Requires # The read-only ldap server bind address. Requires
@ -101,7 +101,7 @@ data:
# domain name you configure above. If these two items are # domain name you configure above. If these two items are
# not consistent, the server WILL refuse to start! # not consistent, the server WILL refuse to start!
# origin = "https://idm.example.com" # origin = "https://idm.example.com"
origin = "https://{{ tpl .Values.kanidm.domain $ }}:8443" origin = "https://{{ tpl .Values.kanidm.domain $ }}:{{ .Values.service.port }}"
# #
{{- if .Values.kanidmOnlineBackup.enabled }} {{- if .Values.kanidmOnlineBackup.enabled }}
[online_backup] [online_backup]
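Review bot: The new `origin` line takes its port from `.Values.service.port`, so the public origin Kanidm is configured with changes whenever the Service port does, and it will be wrong when an Ingress or load balancer exposes the server on a different port than the Service. The surrounding comment already warns that an inconsistent origin stops the server from starting, so I would let an explicit value win and fall back to the computed one: `origin = "{{ tpl (default (printf "https://%s:%v" .Values.kanidm.domain .Values.service.port) .Values.kanidm.origin) $ }}"`. values.yaml carries a commented-out `origin` key, which suggests such an override was intended; whether another template consumes it is not visible in this hunk.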


@ -8,13 +8,18 @@ spec:
{{- if not .Values.autoscaling.enabled }} {{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }} replicas: {{ .Values.replicaCount }}
{{- end }} {{- end }}
{{- if .Values.strategy }}
strategy:
{{ toYaml .Values.strategy | indent 2 }}
{{- end }}
selector: selector:
matchLabels: matchLabels:
{{- include "kanidm.selectorLabels" . | nindent 6 }} {{- include "kanidm.selectorLabels" . | nindent 6 }}
template: template:
metadata: metadata:
{{- with .Values.podAnnotations }}
annotations: annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
labels: labels:
@ -61,7 +66,7 @@ spec:
zypper install -y gawk kubernetes-client zypper install -y gawk kubernetes-client
/sbin/kanidmd server -c /data/server.toml & /sbin/kanidmd server -c /data/server.toml &
serverPID=$! serverPID=$!
until curl -k --output /dev/null --silent --head --fail https://localhost:8443; do until curl -k --output /dev/null --silent --head --fail https://localhost:{{ .Values.service.port }}; do
printf '.' printf '.'
sleep 5 sleep 5
done done
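Review bot: The `until curl ... https://localhost:{{ .Values.service.port }}` loop assumes the server listens on the Service port, but the listen port comes from `kanidm.bindaddress`, which can be overridden independently. If the two differ the loop never exits, and nothing in the hunk bounds it. I would cap the wait and exit non-zero on timeout, so a misconfiguration surfaces as a failed container rather than a silent hang. The `-k` flag is tolerable here only because the request stays on loopback and sends no credentials. A comment on that line such as `# -k: loopback readiness check only, no credentials sent` would stop it being copied into a call that does carry a token. The script continues outside the hunk.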


@ -4,6 +4,9 @@
replicaCount: 1 replicaCount: 1
strategy:
type: Recreate
image: image:
repository: docker.io/kanidm/server repository: docker.io/kanidm/server
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
@ -15,9 +18,9 @@ nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
kanidm: kanidm:
bindaddress: "[::]:8443" bindaddress: "[::]:{{ .Values.service.port }}"
domain: "idm.example.com" domain: "idm.example.com"
#origin: "https://{{ .Values.kanidm.domain }}:8443 #origin: "https://{{ .Values.kanidm.domain }}:{{ .Values.service.port }}"
trust_x_forward_for: true trust_x_forward_for: true
db_path: "/data/kanidm.db" db_path: "/data/kanidm.db"
#db_fs_type: "zfs" #db_fs_type: "zfs"
@ -63,7 +66,7 @@ securityContext: {}
service: service:
type: ClusterIP type: ClusterIP
port: 8443 port: 443
ingress: ingress:
enabled: false enabled: false
@ -116,12 +119,12 @@ resources: {}
livenessProbe: livenessProbe:
httpGet: httpGet:
scheme: HTTPS scheme: HTTPS
path: / path: /status
port: http port: http
readinessProbe: readinessProbe:
httpGet: httpGet:
scheme: HTTPS scheme: HTTPS
path: / path: /status
port: http port: http
autoscaling: autoscaling:
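Review bot: With `service.port: 443` now feeding `kanidm.bindaddress`, the server process itself binds a privileged port by default, and the config template's own comment says that may require NET_BIND_SERVICE. The `securityContext: {}` default in the hunk header grants no capabilities, so a pod running as non-root may fail to bind, depending on the image user and the runtime's unprivileged-port setting. Rather than adding a capability, I would keep the listener unprivileged with `bindaddress: "[::]:8443"` and have only the Service expose 443, with its `targetPort` pointing at the named container port `http`. The Service template is not part of this commit view, so confirm how it maps the port.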