infra/k8s/keycloak/deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  replicas: 2
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          image: git.janky.solutions/jankysolutions/infra/keycloak:25.0
          imagePullPolicy: Always
          resources: {}
          volumeMounts:
          - name: certs
            mountPath: /etc/certs
            readOnly: true
          - name: postgres-ca
            mountPath: /opt/keycloak/.postgresql/root.crt
            subPath: ca.crt
            readOnly: true
          env:
            - name: KEYCLOAK_ADMIN
              value: "admin"
            - name: KEYCLOAK_ADMIN_PASSWORD
              value: "admin"
            - name: KC_HTTPS_CERTIFICATE_FILE
              value: "/etc/certs/tls.crt"
            - name: KC_HTTPS_CERTIFICATE_KEY_FILE
              value: "/etc/certs/tls.key"
            - name: KC_HEALTH_ENABLED
              value: "true"
            - name: KC_METRICS_ENABLED
              value: "true"
            - name: KC_HOSTNAME
              value: https://auth-next.janky.solutions
            - name: KC_PROXY
              value: reencrypt
            - name: KC_PROXY_HEADERS
              value: xforwarded
            - name: KC_DB
              value: postgres
            - name: KC_DB_URL
              value: "jdbc:postgresql://keycloak-database.keycloak.svc.cluster.local/keycloak?ssl=true"
            - name: KC_DB_USERNAME
              valueFrom:
                secretKeyRef:
                  name: keycloak.keycloak-database.credentials.postgresql.acid.zalan.do
                  key: username
            - name: KC_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak.keycloak-database.credentials.postgresql.acid.zalan.do
                  key: password
            - name: jgroups.dns.query
              value: keycloak
          ports:
            - name: jgroups
              containerPort: 7600
            - name: web
              containerPort: 8443
            - name: management
              containerPort: 9000
          readinessProbe:
            httpGet:
              scheme: HTTPS
              path: /health/ready
              port: 9000
            initialDelaySeconds: 60
            periodSeconds: 1
      volumes:
      - name: certs
        secret:
          secretName: keycloak-frontend
      - name: postgres-ca
        secret:
          secretName: database-certificate
add keycloak 2024-07-11 03:24:06 +00:00			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: keycloak`
			`labels:`
			`app: keycloak`
			`spec:`
			`replicas: 2`
			`selector:`
			`matchLabels:`
			`app: keycloak`
			`template:`
			`metadata:`
			`labels:`
			`app: keycloak`
			`spec:`
			`containers:`
			`- name: keycloak`
			`image: git.janky.solutions/jankysolutions/infra/keycloak:25.0`
			`imagePullPolicy: Always`
			`resources: {}`
			`volumeMounts:`
			`- name: certs`
			`mountPath: /etc/certs`
			`readOnly: true`
			`- name: postgres-ca`
			`mountPath: /opt/keycloak/.postgresql/root.crt`
			`subPath: ca.crt`
			`readOnly: true`
			`env:`
			`- name: KEYCLOAK_ADMIN`
			`value: "admin"`
			`- name: KEYCLOAK_ADMIN_PASSWORD`
			`value: "admin"`
			`- name: KC_HTTPS_CERTIFICATE_FILE`
			`value: "/etc/certs/tls.crt"`
			`- name: KC_HTTPS_CERTIFICATE_KEY_FILE`
			`value: "/etc/certs/tls.key"`
			`- name: KC_HEALTH_ENABLED`
			`value: "true"`
			`- name: KC_METRICS_ENABLED`
			`value: "true"`
			`- name: KC_HOSTNAME`
			`value: https://auth-next.janky.solutions`
			`- name: KC_PROXY`
			`value: reencrypt`
			`- name: KC_PROXY_HEADERS`
			`value: xforwarded`
			`- name: KC_DB`
			`value: postgres`
			`- name: KC_DB_URL`
			`value: "jdbc:postgresql://keycloak-database.keycloak.svc.cluster.local/keycloak?ssl=true"`
			`- name: KC_DB_USERNAME`
			`valueFrom:`
			`secretKeyRef:`
			`name: keycloak.keycloak-database.credentials.postgresql.acid.zalan.do`
			`key: username`
			`- name: KC_DB_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
			`name: keycloak.keycloak-database.credentials.postgresql.acid.zalan.do`
			`key: password`
			`- name: jgroups.dns.query`
			`value: keycloak`
			`ports:`
			`- name: jgroups`
			`containerPort: 7600`
			`- name: web`
			`containerPort: 8443`
			`- name: management`
			`containerPort: 9000`
			`readinessProbe:`
			`httpGet:`
			`scheme: HTTPS`
			`path: /health/ready`
			`port: 9000`
			`initialDelaySeconds: 60`
			`periodSeconds: 1`
			`volumes:`
			`- name: certs`
			`secret:`
			`secretName: keycloak-frontend`
			`- name: postgres-ca`
			`secret:`
			`secretName: database-certificate`