Skip to content
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion helm/cosmo/CHART.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ This is the official Helm Chart for WunderGraph Cosmo - The Full Lifecycle Graph
| Name | Email | Url |
| ---- | ------ | --- |
| Dustin Deus | <dustin@wundergraph.com> | <https://github.com/StarpTech> |
| Peter Polacik | <peter@wundergraph.com> | <https://github.com/pepol> |

## Requirements

Expand All @@ -23,7 +24,7 @@ This is the official Helm Chart for WunderGraph Cosmo - The Full Lifecycle Graph
| | router | ^0 |
| | studio | ^0 |
| https://charts.bitnami.com/bitnami | clickhouse | ^5.0.2 |
| https://charts.bitnami.com/bitnami | keycloak | ^17.3.1 |
| https://codecentric.github.io/helm-charts | keycloakx | ^7.1.8 |
| https://charts.bitnami.com/bitnami | minio | 12.10.0 |
| https://charts.bitnami.com/bitnami | postgresql | 12.8.0 |
| https://charts.bitnami.com/bitnami | redis | 18.9.1 |
Expand Down
10 changes: 5 additions & 5 deletions helm/cosmo/Chart.lock
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,9 @@ dependencies:
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 12.12.10
- name: keycloak
repository: https://charts.bitnami.com/bitnami
version: 22.0.0
- name: keycloakx
repository: https://codecentric.github.io/helm-charts
version: 7.1.8
- name: clickhouse
repository: https://charts.bitnami.com/bitnami
version: 6.2.14
Expand All @@ -32,5 +32,5 @@ dependencies:
- name: redis
repository: https://charts.bitnami.com/bitnami
version: 19.3.3
digest: sha256:ca5d96eb18eb17314f0ca5048a25b9050942c17c9bdae669134e7ebf11fb3ecf
generated: "2024-09-23T15:19:35.81985+05:30"
digest: sha256:c5d01848a4217b447e1e5c7501f8899188fbce7c80ad2698174f1d078c6de311
generated: "2026-02-27T17:47:35.700464+01:00"
7 changes: 4 additions & 3 deletions helm/cosmo/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -68,10 +68,11 @@ dependencies:
version: '12.12.10'
condition: global.postgresql.enabled
repository: 'https://charts.bitnami.com/bitnami'
- name: keycloak
version: '22.0.0'
repository: 'https://charts.bitnami.com/bitnami'
- name: keycloakx
version: '7.1.8'
repository: 'https://codecentric.github.io/helm-charts'
condition: global.keycloak.enabled
alias: keycloak
- name: clickhouse
version: '6.2.14'
condition: global.clickhouse.enabled
Expand Down
53 changes: 23 additions & 30 deletions helm/cosmo/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,10 +25,10 @@ This is the official Helm Chart for WunderGraph Cosmo - The Full Lifecycle Graph
| | router | ^0 |
| | studio | ^0 |
| https://charts.bitnami.com/bitnami | clickhouse | 6.2.14 |
| https://charts.bitnami.com/bitnami | keycloak | 22.0.0 |
| https://charts.bitnami.com/bitnami | minio | 14.6.25 |
| https://charts.bitnami.com/bitnami | postgresql | 12.12.10 |
| https://charts.bitnami.com/bitnami | redis | 19.3.3 |
| https://codecentric.github.io/helm-charts | keycloak(keycloakx) | 7.1.8 |

## Values

Expand Down Expand Up @@ -122,7 +122,7 @@ This is the official Helm Chart for WunderGraph Cosmo - The Full Lifecycle Graph
| global.helmTests.enabled | bool | `false` | |
| global.keycloak.adminPassword | string | `"changeme"` | |
| global.keycloak.adminUser | string | `"admin"` | |
| global.keycloak.apiUrl | string | `"http://cosmo-keycloak:8080"` | |
| global.keycloak.apiUrl | string | `"http://cosmo-keycloak-http:8080"` | |
| global.keycloak.clientId | string | `"studio"` | |
| global.keycloak.database | string | `"keycloak"` | |
| global.keycloak.databasePassword | string | `"changeme"` | |
Expand Down Expand Up @@ -168,38 +168,31 @@ This is the official Helm Chart for WunderGraph Cosmo - The Full Lifecycle Graph
| graphqlmetrics.configuration.prometheus.port | int | `8088` | The port where metrics are exposed. Default is port 8088. |
| ingress.annotations | object | `{}` | |
| ingress.enabled | bool | `true` | |
| keycloak.auth.adminPassword | string | `"changeme"` | |
| keycloak.auth.adminUser | string | `"admin"` | |
| keycloak.cache.enabled | bool | `false` | |
| keycloak.externalDatabase.database | string | `"keycloak"` | |
| keycloak.externalDatabase.host | string | `"cosmo-postgresql"` | |
| keycloak.externalDatabase.port | int | `5432` | |
| keycloak.externalDatabase.user | string | `"postgres"` | |
| keycloak.extraEnvVars[0].name | string | `"KEYCLOAK_EXTRA_ARGS"` | |
| keycloak.extraEnvVars[0].value | string | `"--import-realm --optimized"` | |
| keycloak.extraEnvVars[1].name | string | `"KEYCLOAK_ENABLE_HEALTH_ENDPOINTS"` | |
| keycloak.extraEnvVars[1].value | string | `"true"` | |
| keycloak.extraEnvVars[2].name | string | `"KEYCLOAK_DATABASE_PASSWORD"` | |
| keycloak.extraEnvVars[2].value | string | `"changeme"` | |
| keycloak.extraVolumeMounts[0].mountPath | string | `"/opt/bitnami/keycloak/data/import/realm.json"` | |
| keycloak.extraVolumeMounts[0].name | string | `"realm-config-volume"` | |
| keycloak.extraVolumeMounts[0].readOnly | bool | `true` | |
| keycloak.extraVolumeMounts[0].subPath | string | `"realm.json"` | |
| keycloak.extraVolumes[0].configMap.name | string | `"keycloak-realm"` | |
| keycloak.extraVolumes[0].name | string | `"realm-config-volume"` | |
| keycloak.args[0] | string | `"start"` | |
| keycloak.args[1] | string | `"--import-realm"` | |
| keycloak.args[2] | string | `"--optimized"` | |
| keycloak.cache.stack | string | `"custom"` | |
| keycloak.database.database | string | `"keycloak"` | |
| keycloak.database.hostname | string | `"cosmo-postgresql"` | |
| keycloak.database.password | string | `"changeme"` | |
| keycloak.database.port | int | `5432` | |
| keycloak.database.username | string | `"postgres"` | |
| keycloak.database.vendor | string | `"postgres"` | |
| keycloak.extraEnv | string | `"- name: KC_BOOTSTRAP_ADMIN_USERNAME\n valueFrom:\n secretKeyRef:\n name: {{ include \"keycloak.fullname\" . }}-bootstrap\n key: adminUser\n- name: KC_BOOTSTRAP_ADMIN_PASSWORD\n valueFrom:\n secretKeyRef:\n name: {{ include \"keycloak.fullname\" . }}-bootstrap\n key: adminPassword\n- name: KC_HOSTNAME_STRICT\n value: 'false'\n"` | |
| keycloak.extraVolumeMounts | string | `"- mountPath: /opt/keycloak/data/import/realm.json\n name: realm-config-volume\n readOnly: true\n subPath: realm.json\n"` | |
| keycloak.extraVolumes | string | `"- name: realm-config-volume\n configMap:\n name: keycloak-realm\n"` | |
| keycloak.health.enabled | bool | `true` | |
| keycloak.http.relativePath | string | `"/"` | |
| keycloak.image.pullPolicy | string | `"IfNotPresent"` | |
| keycloak.image.registry | string | `"ghcr.io"` | |
| keycloak.image.repository | string | `"wundergraph/cosmo/keycloak"` | |
| keycloak.image.tag | string | `"0.10.4"` | |
| keycloak.image.repository | string | `"ghcr.io/wundergraph/cosmo/keycloak"` | |
| keycloak.image.tag | string | `"0.12.0"` | |
| keycloak.metrics.enabled | bool | `true` | |
| keycloak.podAnnotations."kapp.k14s.io/change-group" | string | `"cosmo.apps.keycloak.wundergraph.com/deployment"` | Support for k14s.io. This annotation will form a group to coordinate deployments with kapp. |
| keycloak.podAnnotations."kapp.k14s.io/change-rule.postgresql" | string | `"upsert after upserting cosmo.apps.postgresql.wundergraph.com/deployment"` | Support for k14s.io. This annotation will wait for the postgresql deployments to be ready before deploying. |
| keycloak.postgresql.enabled | bool | `false` | |
| keycloak.production | bool | `false` | |
| keycloak.replicaCount | int | `1` | |
| keycloak.resourcesPreset | string | `"none"` | Is set to 'small' by default which is too small and runs in OOMKilled |
| keycloak.service.ports.http | int | `8080` | |
| keycloak.startupProbe.enabled | bool | `true` | |
| keycloak.replicas | int | `1` | |
| keycloak.secrets.bootstrap.stringData.adminPassword | string | `"{{ .Values.global.keycloak.adminPassword }}"` | |
| keycloak.secrets.bootstrap.stringData.adminUser | string | `"{{ .Values.global.keycloak.adminUser }}"` | |
| keycloak.service.httpPort | int | `8080` | |
| minio.auth.rootPassword | string | `"changeme"` | |
| minio.auth.rootUser | string | `"minio"` | |
| minio.commonAnnotations."kapp.k14s.io/change-group" | string | `"cosmo.apps.minio.wundergraph.com/deployment"` | |
Expand Down
Binary file removed helm/cosmo/charts/keycloak-22.0.0.tgz
Binary file not shown.
Binary file added helm/cosmo/charts/keycloakx-7.1.8.tgz
Binary file not shown.
2 changes: 1 addition & 1 deletion helm/cosmo/templates/ingress.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ spec:
pathType: Prefix
backend:
service:
name: {{ include "keycloak.fullname" . }}
name: {{ include "keycloak.fullname" . }}-http
port:
number: {{ .Values.global.keycloak.port }}
{{- end }}
Expand Down
88 changes: 49 additions & 39 deletions helm/cosmo/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ global:
loginRealm: 'master'
webUrl: 'http://keycloak.wundergraph.local'
# Use internal DNS name to access Keycloak
apiUrl: 'http://cosmo-keycloak:8080'
apiUrl: 'http://cosmo-keycloak-http:8080'
Comment thread
coderabbitai[bot] marked this conversation as resolved.
clientId: 'studio'
adminUser: 'admin'
adminPassword: 'changeme'
Expand Down Expand Up @@ -349,59 +349,69 @@ graphqlmetrics:
# It is highly recommended to use a managed service in production environments or use our cloud offering https://cosmo.wundergraph.com

# Keycloak for the Cosmo Controlplane & Studio
# https://artifacthub.io/packages/helm/bitnami/keycloak
# TODO(pepol): Move to 'codecentric/keycloakx' chart once new keycloak image is built and released
# https://artifacthub.io/packages/helm/codecentric/keycloakx
keycloak:
# Production requires TLS
production: false
statefulsetAnnotations:
kapp.k14s.io/update-strategy: fallback-on-replace
replicas: 1
image:
repository: wundergraph/cosmo/keycloak
registry: ghcr.io
repository: ghcr.io/wundergraph/cosmo/keycloak
tag: '0.13.0'
pullPolicy: IfNotPresent
tag: '0.10.4'
args:
- 'start'
- '--import-realm'
- '--optimized'
Comment thread
pepol marked this conversation as resolved.
service:
ports:
http: 8080
replicaCount: 1
httpPort: 8080
podAnnotations:
# -- Support for k14s.io. This annotation will form a group to coordinate deployments with kapp.
kapp.k14s.io/change-group: 'cosmo.apps.keycloak.wundergraph.com/deployment'
# -- Support for k14s.io. This annotation will wait for the postgresql deployments to be ready before deploying.
kapp.k14s.io/change-rule.postgresql: 'upsert after upserting cosmo.apps.postgresql.wundergraph.com/deployment'
auth:
adminUser: 'admin'
adminPassword: 'changeme'
startupProbe:
enabled: true
cache:
enabled: false
# -- Is set to 'small' by default which is too small and runs in OOMKilled
resourcesPreset: none
stack: custom # Disables automatic cache configuration.
health:
enabled: true
metrics:
enabled: true
postgresql:
enabled: false
extraEnvVars:
- name: KEYCLOAK_EXTRA_ARGS
value: '--import-realm --optimized'
- name: KEYCLOAK_ENABLE_HEALTH_ENDPOINTS
value: 'true'
- name: KEYCLOAK_DATABASE_PASSWORD
value: 'changeme'
extraVolumeMounts:
- mountPath: /opt/bitnami/keycloak/data/import/realm.json
name: realm-config-volume
readOnly: true
subPath: realm.json
extraVolumes:
database:
vendor: postgres
hostname: cosmo-postgresql
port: 5432
database: keycloak
username: postgres
password: changeme
http:
relativePath: "/"
# NOTE: The following 3 values are expected by the subchart to be STRINGs, not arrays, which is why the multiline string escape (`|`) is here.
extraVolumes: |
- name: realm-config-volume
configMap:
name: keycloak-realm
externalDatabase:
host: 'cosmo-postgresql'
port: 5432
user: 'postgres'
database: keycloak
extraVolumeMounts: |
- mountPath: /opt/keycloak/data/import/realm.json
name: realm-config-volume
readOnly: true
subPath: realm.json
extraEnv: |
- name: KC_BOOTSTRAP_ADMIN_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "keycloak.fullname" . }}-bootstrap
key: adminUser
- name: KC_BOOTSTRAP_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "keycloak.fullname" . }}-bootstrap
key: adminPassword
- name: KC_HOSTNAME_STRICT
value: 'false'
secrets:
bootstrap:
stringData:
adminUser: "{{ .Values.global.keycloak.adminUser }}"
adminPassword: "{{ .Values.global.keycloak.adminPassword }}"

# ClickHouse for the Cosmo Controlplane & Collectors
# https://artifacthub.io/packages/helm/bitnami/clickhouse
Expand Down
Loading