github-personal/cozystack
1
0
Fork 0
mirror of https://github.com/outbackdingo/cozystack.git synced 2026-01-28 02:18:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

[oidc] Check APIVersions before deploying

Browse Source 
When enabling OIDC, the Tenant applications may try to deploy
KeycloakRealmGroups before the Keycloak operator is live. This may
lead to a race where neither HelmRelease is able to progress. This patch
addresses this.

```release-note
[oidc] Do not deploy KeycloakRealmGroup resources as part of the Tenant
application if the v1.edp.epam.com API is not yet available.
```

Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
This commit is contained in:
Timofei Larkin
2025-10-08 20:37:08 +03:00
parent 6dd08947ae
commit 45036ff249
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packages/apps/tenant/templates/keycloakgroups.yaml
View File

@@ -1,6 +1,7 @@
{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
{{- $oidcEnabled := index $cozyConfig.data "oidc-enabled" }}
{{- if eq $oidcEnabled "true" }}
{{- if .Capabilities.APIVersions.Has "v1.edp.epam.com/v1" }}
apiVersion: v1.edp.epam.com/v1
kind: KeycloakRealmGroup
metadata:
@@ -51,3 +52,4 @@ spec:
name: keycloakrealm-cozy
kind: ClusterKeycloakRealm
{{- end }}
{{- end }}