[keycloak] Allow keycloak to have a relative path (CloudPirates-io#216)

rob-64 · Rob Theriault · web-flow · commit 023745788707 · 2025-10-06T08:09:43.000+02:00
* all keycloak to have a relative path

* bump chart version

* Updated readme

* updated values schema

---------

Co-authored-by: Rob Theriault &lt;rob.theriault@dedrone.com&gt;
diff --git a/charts/keycloak/Chart.yaml b/charts/keycloak/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: keycloak
 description: Open Source Identity and Access Management Solution
 type: application
-version: 0.1.10
+version: 0.1.11
 appVersion: "26.3.4"
 keywords:
   - keycloak
diff --git a/charts/keycloak/README.md b/charts/keycloak/README.md
@@ -130,6 +130,7 @@ The following table lists the configurable parameters of the Keycloak chart and
 | `keycloak.proxyProtocolEnabled`        | Whether the server should use the HA PROXY protocol when serving requests from behind a proxy. (true, false) | `false`            |
 | `keycloak.proxyTrustedAddresses`       | A comma separated list of trusted proxy addresses                                                            | `""`               |
 | `keycloak.production`                  | Enable production mode                                                                                       | `false`            |
+| `keycloak.httpRelativePath`            | Set relative path for serving resources; must start with a /                                                 | `""`               |
 
 ### Database Configuration
 
diff --git a/charts/keycloak/templates/_helpers.tpl b/charts/keycloak/templates/_helpers.tpl
@@ -180,4 +180,15 @@ Return the database JDBC URL
 {{- printf "jdbc:mysql://%s:%s/%s%s" .Values.database.host (default "3306" (.Values.database.port | toString)) .Values.database.name (ternary (printf "?%s" .Values.database.jdbcParams) "" (ne .Values.database.jdbcParams "")) -}}
 {{- end -}}
 {{- end -}}
+{{- end }}
+
+{{/*
+Return the url to use for probes
+*/}}
+{{- define "keycloak.probeUrl" -}}
+{{- if or (eq .Values.keycloak.httpRelativePath "") (eq .Values.keycloak.httpRelativePath "/") -}}
+{{- printf "/realms/master" -}}
+{{- else -}}
+{{- printf "%s/realms/master" .Values.keycloak.httpRelativePath -}}
+{{- end -}}
 {{- end }}
diff --git a/charts/keycloak/templates/deployment.yaml b/charts/keycloak/templates/deployment.yaml
@@ -108,6 +108,8 @@ spec:
             - --features-disabled={{ join "," .Values.features.disabled }}
             {{- end }}
           env:
+            - name: KC_HTTP_RELATIVE_PATH
+              value: {{ .Values.keycloak.httpRelativePath | quote | default "/" }}
             - name: KC_BOOTSTRAP_ADMIN_USERNAME
               value: {{ .Values.keycloak.adminUser | quote }}
             - name: KC_BOOTSTRAP_ADMIN_PASSWORD
@@ -166,7 +168,7 @@ spec:
           {{- if .Values.livenessProbe.enabled }}
           livenessProbe:
             httpGet:
-              path: /realms/master
+              path: {{ include "keycloak.probeUrl" . }}
               port: http
               scheme: HTTP
             initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
@@ -178,7 +180,7 @@ spec:
           {{- if .Values.readinessProbe.enabled }}
           readinessProbe:
             httpGet:
-              path: /realms/master
+              path: {{ include "keycloak.probeUrl" . }}
               port: http
               scheme: HTTP
             initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
@@ -190,7 +192,7 @@ spec:
           {{- if .Values.startupProbe.enabled }}
           startupProbe:
             httpGet:
-              path: /realms/master
+              path: {{ include "keycloak.probeUrl" . }}
               port: http
               scheme: HTTP
             initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
diff --git a/charts/keycloak/tests/deployment-parameters_test.yaml b/charts/keycloak/tests/deployment-parameters_test.yaml
@@ -0,0 +1,17 @@
+suite: test service account
+templates:
+  - templates/deployment.yaml
+tests:
+  - it: readiness probe should be original
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].readinessProbe.httpGet.path
+          value: /realms/master
+  - it: readiness probe should include the httpRelativePath
+    set:
+      keycloak:
+        httpRelativePath: /auth
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].readinessProbe.httpGet.path
+          value: /auth/realms/master
diff --git a/charts/keycloak/values.schema.json b/charts/keycloak/values.schema.json
@@ -191,6 +191,10 @@
         "production": {
           "type": "boolean",
           "description": "Enable production mode"
+        },
+        "httpRelativePath": {
+          "type": "string",
+          "description": "Set relative path for serving resources; must start with a /"
         }
       }
     },
diff --git a/charts/keycloak/values.yaml b/charts/keycloak/values.yaml
@@ -92,6 +92,8 @@ keycloak:
   proxyTrustedAddresses: ""
   ## @param keycloak.production Enable production mode
   production: false
+  ## @param keycloak.httpRelativePath Set relative path for serving resources; must start with a /
+  httpRelativePath: ""
 
 ## @section Database Configuration
 database:

Original file line number	Diff line number	Diff line change
`@@ -191,6 +191,10 @@`
`191`	`191`	`"production": {`
`192`	`192`	`"type": "boolean",`
`193`	`193`	`"description": "Enable production mode"`
	`194`	`+ },`
	`195`	`+ "httpRelativePath": {`
	`196`	`+ "type": "string",`
	`197`	`+ "description": "Set relative path for serving resources; must start with a /"`
`194`	`198`	`}`
`195`	`199`	`}`
`196`	`200`	`},`