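---
# Keycloak Deployment: two replicas of the project's Keycloak image, serving
# HTTPS on 8443, with the readiness probe on the management port (9000) and a
# JGroups port (7600) for clustering between replicas.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  replicas: 2
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          # NOTE(review): the tag is mutable and imagePullPolicy is Always, so
          # the running image can change without a manifest change; consider
          # pinning by digest if reproducible rollouts matter.
          image: git.janky.solutions/jankysolutions/infra/keycloak:25.0
          imagePullPolicy: Always
          # NOTE(review): no requests or limits are set, so the pod is
          # scheduled best-effort and is unbounded in CPU and memory.
          resources: {}
          volumeMounts:
            # TLS certificate and key referenced by KC_HTTPS_CERTIFICATE_* below.
            - name: certs
              mountPath: /etc/certs
              readOnly: true
            # CA certificate for the database connection, mounted as a single
            # file. Presumably this is the path the PostgreSQL JDBC driver
            # reads by default when ssl=true; confirm against the image's
            # home directory.
            - name: postgres-ca
              mountPath: /opt/keycloak/.postgresql/root.crt
              subPath: ca.crt
              readOnly: true
          env:
            - name: KEYCLOAK_ADMIN
              value: "admin"
            # The bootstrap admin password must not be a literal in the
            # manifest: anyone with read access to the repository or to the
            # Deployment object can read it. It is taken from a Secret, the
            # same way as the database credentials below.
            # The Secret name is a PLACEHOLDER; create it (key: password)
            # before applying. Until it exists, new pods stay in
            # CreateContainerConfigError rather than starting with a known
            # password. If this instance was ever started with a default
            # admin password, rotate that account's password in Keycloak.
            - name: KEYCLOAK_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-admin-credentials  # placeholder name
                  key: password
            - name: KC_HTTPS_CERTIFICATE_FILE
              value: "/etc/certs/tls.crt"
            - name: KC_HTTPS_CERTIFICATE_KEY_FILE
              value: "/etc/certs/tls.key"
            - name: KC_HEALTH_ENABLED
              value: "true"
            - name: KC_METRICS_ENABLED
              value: "true"
            - name: KC_HOSTNAME
              value: "https://auth-next.janky.solutions"
            # NOTE(review): KC_PROXY is the older proxy setting and
            # KC_PROXY_HEADERS its documented replacement in recent Keycloak
            # releases; confirm whether both are still needed on 25.0.
            # With xforwarded, X-Forwarded-* headers are trusted, so only the
            # reverse proxy should be able to reach port 8443 directly.
            - name: KC_PROXY
              value: reencrypt
            - name: KC_PROXY_HEADERS
              value: xforwarded
            - name: KC_DB
              value: postgres
            - name: KC_DB_URL
              value: "jdbc:postgresql://keycloak-database.keycloak.svc.cluster.local/keycloak?ssl=true"
            # Database credentials come from an existing Secret.
            - name: KC_DB_USERNAME
              valueFrom:
                secretKeyRef:
                  name: keycloak.keycloak-database.credentials.postgresql.acid.zalan.do
                  key: username
            - name: KC_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak.keycloak-database.credentials.postgresql.acid.zalan.do
                  key: password
            # NOTE(review): presumably the DNS name JGroups queries to find
            # the other replica (a headless Service named "keycloak" is not
            # visible here); confirm that the setting is picked up from an
            # environment variable with this dotted name.
            - name: jgroups.dns.query
              value: keycloak
          ports:
            - name: jgroups
              containerPort: 7600
            - name: web
              containerPort: 8443
            - name: management
              containerPort: 9000
          # Readiness is checked over HTTPS on the management port, starting
          # 60 s after container start and then every second.
          readinessProbe:
            httpGet:
              scheme: HTTPS
              path: /health/ready
              port: 9000
            initialDelaySeconds: 60
            periodSeconds: 1
      volumes:
        - name: certs
          secret:
            secretName: keycloak-frontend
        - name: postgres-ca
          secret:
            secretName: database-certificate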