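---
# Keycloak Deployment for the `keycloak` namespace.
# One pod runs two containers: a PostgreSQL database (keycloak-db) and the
# Keycloak server (keycloak). Passwords come from the Secrets
# `keycloak-db-secret` and `keycloak-secret`.
# NOTE(review): no securityContext, resource limits or probes are set on
# either container in this manifest.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak-deployment
  namespace: keycloak
  labels:
    app: keycloak
spec:
  # Single replica with Recreate: the old pod is stopped before the new one
  # starts, so the two never hold the database volume at the same time.
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak-db
          # NOTE(review): `bullseye` is a floating tag. A re-pull can change
          # the PostgreSQL major version under an existing data directory and
          # the image content is not pinned; prefer an explicit version tag
          # plus digest.
          image: docker.io/library/postgres:bullseye
          volumeMounts:
            - name: db-storage
              mountPath: "/var/lib/postgresql/data"
          env:
            - name: POSTGRES_DB
              value: keycloak
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-secret
                  key: POSTGRES_PASSWORD
          lifecycle:
            preStop:
              exec:
                # exec runs the command without a shell, so each argument
                # must be its own list item. The original single string was
                # treated as one executable path and the hook could not run.
                # NOTE(review): confirm pg_ctl exists at this path in the
                # image and that the hook runs as a user pg_ctl accepts.
                # The 60 s wait also exceeds the default 30 s pod
                # termination grace period (none is set here).
                command:
                  - /usr/local/bin/pg_ctl
                  - stop
                  - "-D"
                  - /var/lib/postgresql/data
                  - "-w"
                  - "-t"
                  - "60"
                  - "-m"
                  - fast
        - name: keycloak
          image: harbor.internal.jpace121.net/k8s/jpace-keycloak:23.0.0
          env:
            # NOTE(review): DEBUG logging on an identity provider can put
            # request and authentication detail into the logs; use a quieter
            # level outside troubleshooting.
            - name: KC_LOG_LEVEL
              value: DEBUG
            - name: KEYCLOAK_ADMIN
              value: admin
            - name: KEYCLOAK_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-secret
                  key: KEYCLOAK_ADMIN_PASSWORD
            - name: KC_DB
              value: postgres
            # NOTE(review): Keycloak connects as `postgres`, the database
            # superuser; a dedicated role limited to the keycloak database
            # would be least privilege.
            - name: KC_DB_USERNAME
              value: postgres
            # Read from `keycloak-secret`, while the database container reads
            # POSTGRES_PASSWORD from `keycloak-db-secret`; presumably the two
            # values must match. Verify when rotating.
            - name: KC_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-secret
                  key: KC_DB_PASSWORD
          volumeMounts:
            - name: keycloak-config
              mountPath: /opt/keycloak-config/
          args:
            - start
            - --hostname-url=https://auth.jpace121.net
            - --hostname-strict-backchannel=true
            - --hostname-admin-url=https://auth.jpace121.net
            - --https-client-auth=request
            - --spi-truststore-file-file=/opt/keycloak-config/truststore.jks
            # NOTE(review): the truststore password is a literal in args, so
            # it is readable by anyone who can view this manifest or the pod
            # spec. Move it to a Secret-backed env var referenced here with
            # $(VAR) expansion, and choose a non-default value.
            - --spi-truststore-file-password=password
            # Keycloak reads the client certificate from the
            # `ssl-client-cert` request header set by the nginx proxy.
            # NOTE(review): any client that reaches this pod without passing
            # through that proxy can set the header itself. Restrict ingress
            # to the pod to the proxy only (for example with a NetworkPolicy;
            # none appears in this manifest) and have the proxy overwrite the
            # header on every request.
            - --spi-x509cert-lookup-nginx-ssl-client-cert=ssl-client-cert
            - --spi-x509cert-lookup-provider=nginx
            - --proxy=edge
      volumes:
        - name: db-storage
          persistentVolumeClaim:
            claimName: keycloak-db-pvc
        - name: keycloak-config
          configMap:
            name: keycloak-config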