chore(clean): Move part of logic from instance to deployment

README.md

@@ -21,6 +21,7 @@ values: {
 		{name: "KC_LOG_LEVEL", value:       "INFO"},
 	]
 }
+
 ```
 
 And apply the values with:

templates/config.cue

@@ -107,8 +107,6 @@ import (
 
 	extraEnvs: [...corev1.#EnvVar] | *[]
 
-	ha: replicas > 1
-
 	serviceAccountCreate: *false | bool
 	serviceAccount:       corev1.#ServiceAccount
 
@@ -121,7 +119,7 @@ import (
 	}
 
 	jksCreate: *false | bool
-	// Requird to securize Jgroup in HA
+	// Requird to securize Jgroup
 	jks: certv1.#CertificateSpec & {
 		commonName: *"infinispan-jks" | string
 		issuerRef: name: *"\(metadata.name)" | string
@@ -132,7 +130,7 @@ import (
 	issuerCreate: *false | bool
 	issuer:       issuerv1.#IssuerSpec
 
-	pdbCreate: bool | *ha
+	pdbCreate: bool | *(replicas > 1)
 	pdb: policyv1.#PodDisruptionBudgetSpec & {
 		minAvailable: *1 | int & >0 & <=65535
 	}
@@ -154,10 +152,10 @@ import (
 	}
 
 	database: {
-		if !ha {
+		if !(replicas > 1) {
 			type?: *{value: *"dev-file" | "dev-mem" | "postgres" | "mariadb" | "mssql" | "mysql" | "oracle"} | {valueFrom?: corev1.#EnvVarSource}
 		}
-		if ha {
+		if replicas > 1 {
 			type: *{value: "postgres" | "mariadb" | "mssql" | "mysql" | "oracle"} | {valueFrom?: corev1.#EnvVarSource}
 		}
 		url?: *{value?: string} | corev1.#EnvVarSource

templates/deployment.cue

@@ -6,7 +6,8 @@ import (
 )
 
 #Deployment: appsv1.#Deployment & {
-	#config: #Config
+	#config:           #Config
+	#highAvailability: bool
 	#envs: [...corev1.#EnvVar]
 	#cmName:         string
 	#certSecretName: string
@@ -15,6 +16,17 @@ import (
 	kind:            "Deployment"
 	metadata:        #config.metadata
 
+	#javaOpts?: string
+	if #highAvailability && #config.java.options == _|_ {
+		#javaOpts: "-Djgroups.dns.query=\( #config.metadata.name )-\( #config.cache.jgroups.name )"
+	}
+	if #highAvailability && #config.java.options != _|_ {
+		#javaOpts: "\( #config.java.options ) -Djgroups.dns.query=\( #config.metadata.name )-\( #config.cache.jgroups.name )"
+	}
+	if !#highAvailability && #config.java.options != _|_ {
+		#javaOpts: #config.java.options
+	}
+
 	spec: appsv1.#DeploymentSpec & {
 		replicas: #config.replicas
 		selector: matchLabels: #config.selector.labels
@@ -41,6 +53,27 @@ import (
 						env: [
 							{name: "KC_HEALTH_ENABLED", value: "true"},
 							{name: "KC_HTTP_ENABLED", value:   "true"},
+							if #javaOpts != _|_ {
+								{name: "JAVA_OPTS_APPEND", value: #javaOpts}
+							},
+							if !#highAvailability {
+								{name: "KC_CACHE", value: "local"}
+							},
+							if #highAvailability {
+								{name: "KC_CACHE", value: "ispn"}
+							},
+							if #highAvailability {
+								{name: "KC_CACHE_STACK", value: #config.cache.stack}
+							},
+							if #highAvailability {
+								{name: "KC_CACHE_CONFIG_FILE", value: "cache-ispn.xml"}
+							},
+							if #config.certificateCreate {
+								{name: "KC_HTTPS_CERTIFICATE_FILE", value: "/certs/tls.crt"}
+							},
+							if #config.certificateCreate {
+								{name: "KC_HTTPS_CERTIFICATE_KEY_FILE", value: "/certs/tls.key"}
+							},
 							for x in #envs {x},
 							for x in #config.extraEnvs {x},
 						]
@@ -57,7 +90,7 @@ import (
 									protocol:      "TCP"
 								}
 							},
-							if #config.ha {
+							if #highAvailability {
 								{
 									name:          "jgroups"
 									containerPort: 7800
@@ -103,25 +136,25 @@ import (
 							}
 						}
 						volumeMounts: [
-							if #config.ha {
+							if #highAvailability {
 								{
 									name:      "cache"
 									mountPath: "/opt/keycloak/conf"
-									readOnly: true
+									readOnly:  true
 								}
 							},
 							if #certSecretName != _|_ {
 								{
 									name:      "certs"
 									mountPath: "/certs"
-									readOnly: true
+									readOnly:  true
 								}
 							},
 							if #jksSecretName != _|_ {
 								{
 									name:      "jks"
 									mountPath: "/jks"
-									readOnly: true
+									readOnly:  true
 								}
 							},
 						]
@@ -146,7 +179,7 @@ import (
 							}
 						}
 					},
-					if #config.ha {
+					if #highAvailability {
 						{
 							name: "cache"
 							configMap: {

templates/instance.cue

@@ -2,7 +2,8 @@ package templates
 
 // Instance takes the config values and outputs the Kubernetes objects.
 #Instance: {
-	config: #Config
+	config:           #Config
+	highAvailability: config.replicas > 1
 	objects: {
 
 		namespace: #Namespace & {#config: config}
@@ -26,7 +27,7 @@ package templates
 			issuer: #Issuer & {#config: config}
 		}
 		svcHttp: #ServiceHttp & {#config: config}
-		if config.ha {
+		if highAvailability {
 			svcJgroup: #ServiceJgroup & {#config: config}
 			cm: #ConfigMapIspn & {#config: config}
 		}
@@ -37,7 +38,8 @@ package templates
 
 		if config.networkPolicyCreate {
 			networkPolicy: #NetworkPolicy & {
-				#config: config
+				#config:           config
+				#highAvailability: highAvailability
 			}
 		}
 
@@ -54,52 +56,22 @@ package templates
 		}
 
 		deploy: #Deployment & {
-			#config: config
-			#cmName: *objects.cm.metadata.name | ""
+			#config:           config
+			#highAvailability: highAvailability
+			#cmName:           *objects.cm.metadata.name | ""
 			if objects.cert.spec.secretName != _|_ {
 				#certSecretName: objects.cert.spec.secretName
 			}
 			if objects.jks.spec.secretName != _|_ {
 				#jksSecretName: objects.jks.spec.secretName
 			}
 
-			#javaOpts?: string
-			if config.ha && config.java.options == _|_ {
-				#javaOpts: "-Djgroups.dns.query=\( config.metadata.name )-\( config.cache.jgroups.name )"
-			}
-			if config.ha && config.java.options != _|_ {
-				#javaOpts: "\( config.java.options ) -Djgroups.dns.query=\( config.metadata.name )-\( config.cache.jgroups.name )"
-			}
-			if !config.ha && config.java.options != _|_ {
-				#javaOpts: config.java.options
-			}
 			#envs: [
+				{name: "KEYCLOAK_ADMIN"} & config.admin.user,
+				{name: "KEYCLOAK_ADMIN_PASSWORD"} & config.admin.password,
 				if config.database.type != _|_ {
 					{name: "KC_DB"} & config.database.type
 				},
-				if !config.ha {
-					{name: "KC_CACHE", value: "local"}
-				},
-				if config.ha == true {
-					{name: "KC_CACHE", value: "ispn"}
-				},
-				if config.ha == true {
-					{name: "KC_CACHE_STACK", value: config.cache.stack}
-				},
-				if config.ha == true {
-					{name: "KC_CACHE_CONFIG_FILE", value: "cache-ispn.xml"}
-				},
-				if #javaOpts != _|_ {
-					{name: "JAVA_OPTS_APPEND", value: #javaOpts}
-				},
-				if config.certificateCreate {
-					{name: "KC_HTTPS_CERTIFICATE_FILE", value: "/certs/tls.crt"}
-				},
-				if config.certificateCreate {
-					{name: "KC_HTTPS_CERTIFICATE_KEY_FILE", value: "/certs/tls.key"}
-				},
-				{name: "KEYCLOAK_ADMIN"} & config.admin.user,
-				{name: "KEYCLOAK_ADMIN_PASSWORD"} & config.admin.password,
 				if config.database.url != _|_ {
 					{name: "KC_DB_URL"} & config.database.url
 				},

templates/networking.cue

@@ -5,10 +5,11 @@ import (
 )
 
 #NetworkPolicy: netv1.#NetworkPolicy & {
-	apiVersion: "networking.k8s.io/v1"
-	kind:       "NetworkPolicy"
-	#config:    #Config
-	metadata:   #config.metadata
+	apiVersion:        "networking.k8s.io/v1"
+	kind:              "NetworkPolicy"
+	metadata:          #config.metadata
+	#config:           #Config
+	#highAvailability: bool
 	spec: netv1.#NetworkPolicySpec & {
 		policyTypes: ["Ingress"]
 		podSelector: {
@@ -31,7 +32,7 @@ import (
 				},
 				]},
 			// Allow Keycloak Jgroup
-			if #config.ha {
+			if #highAvailability {
 				{
 					from: [{
 						podSelector: {

templates/services.cue

@@ -54,21 +54,21 @@ import (
 	#config:    #Config
 	#component: "jgroups"
 	spec: {
-		clusterIP: "None"
+		clusterIP:                "None"
 		publishNotReadyAddresses: true
 		ports: [
 			{
-				name:       "jgroups"
-				port:       7800
-				protocol:   "TCP"
-				targetPort: "jgroups"
+				name:        "jgroups"
+				port:        7800
+				protocol:    "TCP"
+				targetPort:  "jgroups"
 				appProtocol: "tcp"
 			},
 			{
-				name:       "jgroups-ssl"
-				port:       2157
-				protocol:   "TCP"
-				targetPort: "jgroups"
+				name:        "jgroups-ssl"
+				port:        2157
+				protocol:    "TCP"
+				targetPort:  "jgroups"
 				appProtocol: "tcp"
 			},
 		]

test/certificate.yaml

@@ -256,16 +256,14 @@ spec:
           value: "true"
         - name: KC_HTTP_ENABLED
           value: "true"
-        - name: KC_DB
-          value: postgres
+        - name: JAVA_OPTS_APPEND
+          value: -Djgroups.dns.query=keycloak-jgroups
         - name: KC_CACHE
           value: ispn
         - name: KC_CACHE_STACK
           value: kubernetes
         - name: KC_CACHE_CONFIG_FILE
           value: cache-ispn.xml
-        - name: JAVA_OPTS_APPEND
-          value: -Djgroups.dns.query=keycloak-jgroups
         - name: KC_HTTPS_CERTIFICATE_FILE
           value: /certs/tls.crt
         - name: KC_HTTPS_CERTIFICATE_KEY_FILE
@@ -274,6 +272,8 @@ spec:
           value: admin
         - name: KEYCLOAK_ADMIN_PASSWORD
           value: admin
+        - name: KC_DB
+          value: postgres
         - name: KC_DB_URL
           value: jdbc:postgresql://localhost/keycloak
         - name: KC_DB_USERNAME

test/pdb.yaml

@@ -195,20 +195,20 @@ spec:
           value: "true"
         - name: KC_HTTP_ENABLED
           value: "true"
-        - name: KC_DB
-          value: postgres
+        - name: JAVA_OPTS_APPEND
+          value: -Xms256m -Djgroups.dns.query=keycloak-jgroups
         - name: KC_CACHE
           value: ispn
         - name: KC_CACHE_STACK
           value: kubernetes
         - name: KC_CACHE_CONFIG_FILE
           value: cache-ispn.xml
-        - name: JAVA_OPTS_APPEND
-          value: -Xms256m -Djgroups.dns.query=keycloak-jgroups
         - name: KEYCLOAK_ADMIN
           value: admin
         - name: KEYCLOAK_ADMIN_PASSWORD
           value: admin
+        - name: KC_DB
+          value: postgres
         image: quay.io/keycloak/keycloak:23.0@sha256:cff31dc6fbb0ab0b66176b990e6b9e262fa74a501abb9a4bfa4a529cbc8a526a
         imagePullPolicy: IfNotPresent
         livenessProbe:

test/production-istio.yaml

@@ -268,20 +268,20 @@ spec:
           value: "true"
         - name: KC_HTTP_ENABLED
           value: "true"
-        - name: KC_DB
-          value: postgres
+        - name: JAVA_OPTS_APPEND
+          value: -Djgroups.dns.query=keycloak-jgroups
         - name: KC_CACHE
           value: ispn
         - name: KC_CACHE_STACK
           value: kubernetes
         - name: KC_CACHE_CONFIG_FILE
           value: cache-ispn.xml
-        - name: JAVA_OPTS_APPEND
-          value: -Djgroups.dns.query=keycloak-jgroups
         - name: KEYCLOAK_ADMIN
           value: admin
         - name: KEYCLOAK_ADMIN_PASSWORD
           value: FIXME-USE-SECRET
+        - name: KC_DB
+          value: postgres
         - name: KC_DB_URL
           value: jdbc:postgresql://keycloak.postgres.svc.cluster.local/keycloakdb?sslmode=require
         - name: KC_DB_USERNAME