84 lines
2.5 KiB
YAML
84 lines
2.5 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: keycloak
|
|
labels:
|
|
app: keycloak
|
|
spec:
|
|
replicas: 2
|
|
selector:
|
|
matchLabels:
|
|
app: keycloak
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: keycloak
|
|
spec:
|
|
containers:
|
|
- name: keycloak
|
|
image: git.janky.solutions/jankysolutions/infra/keycloak:25.0
|
|
imagePullPolicy: Always
|
|
resources: {}
|
|
volumeMounts:
|
|
- name: certs
|
|
mountPath: /etc/certs
|
|
readOnly: true
|
|
- name: postgres-ca
|
|
mountPath: /opt/keycloak/.postgresql/root.crt
|
|
subPath: ca.crt
|
|
readOnly: true
|
|
env:
|
|
- name: KC_HTTPS_CERTIFICATE_FILE
|
|
value: "/etc/certs/tls.crt"
|
|
- name: KC_HTTPS_CERTIFICATE_KEY_FILE
|
|
value: "/etc/certs/tls.key"
|
|
- name: KC_HEALTH_ENABLED
|
|
value: "true"
|
|
- name: KC_METRICS_ENABLED
|
|
value: "true"
|
|
- name: KC_HOSTNAME_URL
|
|
value: https://auth-next.janky.solutions/
|
|
- name: KC_HOSTNAME
|
|
value: https://auth-next.janky.solutions/
|
|
- name: KC_PROXY_HEADERS
|
|
value: xforwarded
|
|
- name: KC_DB
|
|
value: postgres
|
|
- name: KC_DB_URL
|
|
value: "jdbc:postgresql://keycloak-database.keycloak.svc.cluster.local/keycloak?ssl=true"
|
|
- name: KC_DB_USERNAME
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: keycloak.keycloak-database.credentials.postgresql.acid.zalan.do
|
|
key: username
|
|
- name: KC_DB_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: keycloak.keycloak-database.credentials.postgresql.acid.zalan.do
|
|
key: password
|
|
- name: KC_LOG_CONSOLE_OUTPUT
|
|
value: json
|
|
# - name: KC_LOG_LEVEL
|
|
# value: "DEBUG"
|
|
- name: jgroups.dns.query
|
|
value: keycloak
|
|
ports:
|
|
- name: jgroups
|
|
containerPort: 7600
|
|
- name: web
|
|
containerPort: 8443
|
|
- name: management
|
|
containerPort: 9000
|
|
readinessProbe:
|
|
httpGet:
|
|
scheme: HTTPS
|
|
path: /health/ready
|
|
port: 9000
|
|
initialDelaySeconds: 30
|
|
volumes:
|
|
- name: certs
|
|
secret:
|
|
secretName: keycloak-frontend
|
|
- name: postgres-ca
|
|
secret:
|
|
secretName: database-certificate
|