---
# Keycloak Deployment: one pod template holding two containers, the PostgreSQL
# database (keycloak-db) and the Keycloak server (keycloak).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak-deployment
  namespace: keycloak
  labels:
    app: keycloak
spec:
  # The database container is part of this pod template, so each extra replica
  # would start another postgres against the same claim (keycloak-db-pvc).
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak-db
          # NOTE(review): "bullseye" is a moving tag, so the postgres version
          # is whatever the registry serves at pull time. Consider pinning a
          # version tag or an image digest so the data directory is never
          # opened by an unexpected release.
          image: docker.io/library/postgres:bullseye
          volumeMounts:
            - name: db-storage
              mountPath: "/var/lib/postgresql/data"
          env:
            - name: POSTGRES_DB
              value: keycloak
            # Database password is read from the keycloak-db-secret Secret.
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-secret
                  key: POSTGRES_PASSWORD
        - name: keycloak
          image: harbor.internal.jpace121.net/k8s/jpace-keycloak:20.0.0
          env:
            # NOTE(review): DEBUG logging on an identity provider is verbose
            # and may record request details; confirm it is intended outside
            # of troubleshooting.
            - name: KC_LOG_LEVEL
              value: DEBUG
            - name: KEYCLOAK_ADMIN
              value: admin
            - name: KEYCLOAK_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-secret
                  key: KEYCLOAK_ADMIN_PASSWORD
            # No KC_DB_URL is set; presumably Keycloak reaches postgres over
            # localhost inside the pod - TODO confirm.
            - name: KC_DB
              value: postgres
            # NOTE(review): Keycloak logs in as "postgres", which looks like
            # the database superuser since POSTGRES_USER is not overridden.
            # A dedicated, less privileged role would limit the damage if the
            # application credentials leak.
            - name: KC_DB_USERNAME
              value: postgres
            # Read from keycloak-secret, while the database takes its password
            # from keycloak-db-secret; the two values have to be kept in sync.
            - name: KC_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-secret
                  key: KC_DB_PASSWORD
          volumeMounts:
            # ConfigMap mount that provides truststore.jks (see args below).
            - name: keycloak-config
              mountPath: /opt/keycloak-config/
          args:
            - start
            - --hostname-url=https://auth.jpace121.net
            - --hostname-strict-backchannel=true
            - --hostname-admin-url=https://auth.jpace121.net
            - --https-client-auth=request
            - --spi-truststore-file-file=/opt/keycloak-config/truststore.jks
            # NOTE(review): unlike the other credentials, this password is a
            # literal in the manifest and is readable by anyone who can view
            # the Deployment. Consider a secretKeyRef-backed env var referenced
            # here through $(VAR_NAME) expansion.
            - --spi-truststore-file-password=password
            # Client certificates are taken from the ssl-client-cert request
            # header supplied by the reverse proxy. The proxy must overwrite
            # or strip any copy of that header sent by the client, and the pod
            # should only be reachable through that proxy; otherwise the
            # certificate identity is caller-controlled.
            - --spi-x509cert-lookup-nginx-ssl-client-cert=ssl-client-cert
            - --spi-x509cert-lookup-provider=nginx
            # NOTE(review): option and value are one argv element here;
            # confirm Keycloak accepts it. "--features=docker" is the
            # unambiguous spelling.
            - --features docker
            # TLS is terminated at the proxy; Keycloak itself serves HTTP.
            - --proxy=edge
      volumes:
        - name: db-storage
          persistentVolumeClaim:
            claimName: keycloak-db-pvc
        - name: keycloak-config
          configMap:
            name: keycloak-config