ktimoney | f27b513 | 2022-03-07 16:48:47 +0000 | [diff] [blame^] | 1 | apiVersion: v1 |
| 2 | kind: PersistentVolume |
| 3 | metadata: |
| 4 | name: keycloak-certs-pv-volume |
| 5 | namespace: default |
| 6 | labels: |
| 7 | type: local |
| 8 | app: keycloak |
| 9 | spec: |
| 10 | storageClassName: manual |
| 11 | capacity: |
| 12 | storage: 100Mi |
| 13 | accessModes: |
| 14 | - ReadWriteOnce |
| 15 | hostPath: |
| 16 | path: "/var/keycloak/certs" |
| 17 | --- |
| 18 | apiVersion: v1 |
| 19 | kind: PersistentVolumeClaim |
| 20 | metadata: |
| 21 | name: keycloak-certs-pv-claim |
| 22 | namespace: default |
| 23 | labels: |
| 24 | app: keycloak |
| 25 | spec: |
| 26 | storageClassName: manual |
| 27 | accessModes: |
| 28 | - ReadWriteOnce |
| 29 | resources: |
| 30 | requests: |
| 31 | storage: 100Mi |
| 32 | --- |
| 33 | apiVersion: v1 |
| 34 | kind: ServiceAccount |
| 35 | metadata: |
| 36 | name: keycloak |
| 37 | namespace: default |
| 38 | --- |
| 39 | apiVersion: v1 |
| 40 | kind: Service |
| 41 | metadata: |
| 42 | name: keycloak |
| 43 | labels: |
| 44 | app: keycloak |
| 45 | spec: |
| 46 | type: ExternalName |
| 47 | externalName: keycloak.local |
| 48 | ports: |
| 49 | - name: http |
| 50 | port: 8080 |
| 51 | targetPort: 8080 |
| 52 | nodePort: 31560 |
| 53 | - name: https |
| 54 | port: 8443 |
| 55 | targetPort: 8443 |
| 56 | nodePort: 31561 |
| 57 | selector: |
| 58 | app: keycloak |
| 59 | type: LoadBalancer |
| 60 | --- |
| 61 | apiVersion: apps/v1 |
| 62 | kind: Deployment |
| 63 | metadata: |
| 64 | name: keycloak |
| 65 | namespace: default |
| 66 | labels: |
| 67 | app: keycloak |
| 68 | spec: |
| 69 | replicas: 1 |
| 70 | selector: |
| 71 | matchLabels: |
| 72 | app: keycloak |
| 73 | template: |
| 74 | metadata: |
| 75 | labels: |
| 76 | app: keycloak |
| 77 | spec: |
| 78 | initContainers: |
| 79 | - name: init-postgres |
| 80 | image: busybox |
| 81 | imagePullPolicy: IfNotPresent |
| 82 | command: ['sh', '-c', 'until nc -vz postgres 5432; do echo waiting for postgres db; sleep 2; done;'] |
| 83 | serviceAccountName: keycloak |
| 84 | containers: |
| 85 | - name: keycloak |
| 86 | image: quay.io/keycloak/keycloak:latest |
| 87 | imagePullPolicy: IfNotPresent |
| 88 | env: |
| 89 | - name: KEYCLOAK_USER |
| 90 | value: "admin" |
| 91 | - name: KEYCLOAK_PASSWORD |
| 92 | value: "admin" |
| 93 | - name: KEYCLOAK_HTTPS_PORT |
| 94 | value: "8443" |
| 95 | - name: PROXY_ADDRESS_FORWARDING |
| 96 | value: "true" |
| 97 | - name: MANAGEMENT_USER |
| 98 | value: "wildfly-admin" |
| 99 | - name: MANAGEMENT_PASSWORD |
| 100 | value: "secret" |
| 101 | - name: INGRESS_ENABLED |
| 102 | value: "false" |
| 103 | - name: DB_VENDOR |
| 104 | value: "postgres" |
| 105 | - name: DB_ADDR |
| 106 | value: "postgres" |
| 107 | - name: DB_PORT |
| 108 | value: "5432" |
| 109 | - name: DB_DATABASE |
| 110 | value: "keycloak" |
| 111 | - name: DB_USER |
| 112 | value: "keycloak" |
| 113 | - name : DB_PASSWORD |
| 114 | value: "keycloak" |
| 115 | - name : X509_CA_BUNDLE |
| 116 | value: /etc/x509/https/rootCA.crt |
| 117 | ports: |
| 118 | - name: http |
| 119 | containerPort: 8080 |
| 120 | - name: https |
| 121 | containerPort: 8443 |
| 122 | readinessProbe: |
| 123 | httpGet: |
| 124 | path: /auth/realms/master |
| 125 | port: 8080 |
| 126 | volumeMounts: |
| 127 | - name: keycloak-certs |
| 128 | mountPath: /etc/x509/https |
| 129 | volumes: |
| 130 | - name: keycloak-certs |
| 131 | persistentVolumeClaim: |
| 132 | claimName: keycloak-certs-pv-claim |
| 133 | --- |