#
# ============LICENSE_START=======================================================
# Copyright (C) 2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
#
# Identity the Keycloak pods run as; the Deployment below references it
# through serviceAccountName.
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: default
  name: keycloak
---
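apiVersion: v1
kind: Service
metadata:
  name: keycloak
  # Pinned because the VirtualServices route to
  # keycloak.default.svc.cluster.local; without it the Service lands in
  # whatever namespace the kubectl context selects.
  namespace: default
  labels:
    app: keycloak
spec:
  # `type` used to appear twice in this mapping (ExternalName, then
  # LoadBalancer). Parsers keep the last duplicate, so LoadBalancer is what was
  # effectively applied; the leftover externalName (only meaningful for
  # type ExternalName) is dropped with the duplicate.
  type: LoadBalancer
  selector:
    app: keycloak
  ports:
    # Plain-HTTP Keycloak port, also published on every node at 31560.
    - name: http
      port: 8080
      targetPort: 8080
      nodePort: 31560
    - name: https
      port: 8443
      targetPort: 8443
      nodePort: 31561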
---
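apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: default
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      serviceAccountName: keycloak
      initContainers:
        # Holds pod start-up until the `postgres` service accepts TCP on 5432.
        - name: init-postgres
          image: busybox
          imagePullPolicy: IfNotPresent
          command: ['sh', '-c', 'until nc -vz postgres 5432; do echo waiting for postgres db; sleep 2; done;']
      containers:
        - name: keycloak
          # NOTE(review): `latest` now resolves to the Quarkus-based
          # distribution (Keycloak 17+), which does not read the
          # KEYCLOAK_USER/DB_* variables below and has no
          # /opt/jboss/keycloak tree; pin a WildFly-era tag
          # (TODO: project to choose) so this configuration keeps working.
          image: quay.io/keycloak/keycloak:latest
          imagePullPolicy: IfNotPresent
          env:
            # NOTE(review): admin, management and database credentials are
            # committed here in clear text; source them from a Secret via
            # valueFrom.secretKeyRef before this manifest leaves a dev cluster.
            - name: KEYCLOAK_USER
              value: "admin"
            - name: KEYCLOAK_PASSWORD
              value: "admin"
            - name: KEYCLOAK_HTTPS_PORT
              value: "8443"
            - name: PROXY_ADDRESS_FORWARDING
              value: "true"
            - name: MANAGEMENT_USER
              value: "wildfly-admin"
            - name: MANAGEMENT_PASSWORD
              value: "secret"
            - name: INGRESS_ENABLED
              value: "false"
            - name: DB_VENDOR
              value: "postgres"
            - name: DB_ADDR
              value: "postgres"
            - name: DB_PORT
              value: "5432"
            - name: DB_DATABASE
              value: "keycloak"
            - name: DB_USER
              value: "keycloak"
            # `name :` (space before the colon) fixed to `name:` — same key,
            # but yamllint rejects the spacing.
            - name: DB_PASSWORD
              value: "keycloak"
            # Points at the CA file provided by the keycloak-certs mount below.
            - name: X509_CA_BUNDLE
              value: /etc/x509/https/rootCA.crt
          ports:
            - name: http
              containerPort: 8080
            - name: https
              containerPort: 8443
          readinessProbe:
            httpGet:
              path: /auth/realms/master
              port: 8080
          volumeMounts:
            - name: keycloak-certs
              mountPath: /etc/x509/https
            - name: authz-js-policies
              mountPath: /opt/jboss/keycloak/standalone/deployments/authz-js-policies.jar
      # Both volumes come from the node's filesystem, so the pod only works on
      # a node that has these paths pre-populated.
      volumes:
        - name: keycloak-certs
          hostPath:
            path: /var/keycloak/certs
            type: Directory
        - name: authz-js-policies
          hostPath:
            path: /var/keycloak/deployments/authz-js-policies.jar
            type: File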
---
# Ingress listeners for Keycloak: TLS on 443 is passed through unterminated
# to the backend selected by keycloak-tls-vs; 80 is a plain-HTTP listener
# for any host name.
kind: Gateway
apiVersion: networking.istio.io/v1alpha3
metadata:
  name: kcgateway
spec:
  selector:
    istio: ingressgateway  # use istio default ingress gateway
  servers:
    - hosts:
        - keycloak.est.tech
      port:
        name: https
        number: 443
        protocol: HTTPS
      tls:
        mode: PASSTHROUGH
    - hosts:
        - '*'
      port:
        name: http
        number: 80
        protocol: HTTP
---
# SNI-based routing for the passthrough listener: TLS sessions for
# keycloak.est.tech arriving on 443 are forwarded, still encrypted, to the
# Keycloak Service's 8443 port.
kind: VirtualService
apiVersion: networking.istio.io/v1alpha3
metadata:
  name: keycloak-tls-vs
spec:
  gateways:
    - kcgateway
  hosts:
    - keycloak.est.tech
  tls:
    - match:
        - sniHosts:
            - keycloak.est.tech
          port: 443
      route:
        - destination:
            port:
              number: 8443
            host: keycloak.default.svc.cluster.local
---
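# Aligned with the other Istio objects in this file, which use v1alpha3; the
# VirtualService schema is the same under both versions.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: keycloak-vs
spec:
  hosts:
    - "*"
  gateways:
    - kcgateway
  # Plain-HTTP path: requests under /auth on the gateway's port-80 listener
  # reach Keycloak's 8080 port without TLS.
  http:
    - name: "keycloak-routes"
      match:
        - uri:
            prefix: "/auth"
      route:
        - destination:
            port:
              number: 8080
            host: keycloak.default.svc.cluster.local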
---