stacks_adding_alloy/template/stacks/ref-implementation/keycloak/manifests/install.yaml

---
apiVersion: v1
kind: Namespace
metadata:
  name: keycloak
---
apiVersion: v1
kind: Service
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  ports:
    - name: http
      port: 8080
      targetPort: 8080
  selector:
    app: keycloak
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: keycloak
  name: keycloak
  namespace: keycloak
  annotations:
    argocd.argoproj.io/sync-wave: "10"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - args:
            - start-dev
          env:
            - name: KEYCLOAK_ADMIN
              value: cnoe-admin
            - name: KEYCLOAK_LOGLEVEL
              value: ALL
            - name: QUARKUS_TRANSACTION_MANAGER_ENABLE_RECOVERY
              value: 'true'
          envFrom:
            - secretRef:
                name: keycloak-config
          image: quay.io/keycloak/keycloak:22.0.3
          name: keycloak
          ports:
            - containerPort: 8080
              name: http
          readinessProbe:
            httpGet:
              path: /keycloak/realms/master
              port: 8080
          volumeMounts:
            - mountPath: /opt/keycloak/conf
              name: keycloak-config
              readOnly: true
      volumes:
        - configMap:
            name: keycloak-config
          name: keycloak-config
---
apiVersion: v1
data:
  keycloak.conf: |
    # Database
    # The database vendor.
    db=postgres
    
    # The username of the database user.
    db-url=jdbc:postgresql://postgresql.keycloak.svc.cluster.local:5432/postgres

    # The proxy address forwarding mode if the server is behind a reverse proxy.
    proxy=edge
    
    # hostname configuration
    hostname={{ .Values.edfbuilderTargetDomain }}
    http-relative-path=keycloak
    
    # the admin url requires its own configuration to reflect correct url
    
    hostname-debug=true
    
    # this should only be allowed in development. NEVER in production.
    hostname-strict=false
    hostname-strict-backchannel=false
    

kind: ConfigMap
metadata:
  name: keycloak-config
  namespace: keycloak
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: postgresql
  name: postgresql
  namespace: keycloak
spec:
  clusterIP: None
  ports:
    - name: postgres
      port: 5432
  selector:
    app: postgresql
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app: postgresql
  name: postgresql
  namespace: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgresql
  serviceName: service-postgresql
  template:
    metadata:
      labels:
        app: postgresql
    spec:
      containers:
        - envFrom:
            - secretRef:
                name: keycloak-config
          image: docker.io/library/postgres:15.3-alpine3.18
          name: postgres
          ports:
            - containerPort: 5432
              name: postgresdb
          resources:
            limits:
              memory: 500Mi
            requests:
              cpu: 100m
              memory: 300Mi
          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql/data
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: "500Mi"
first commit 2024-11-20 14:18:39 +00:00			`---`
			`apiVersion: v1`
			`kind: Namespace`
			`metadata:`
			`name: keycloak`
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: keycloak`
			`labels:`
			`app: keycloak`
			`spec:`
			`ports:`
			`- name: http`
			`port: 8080`
			`targetPort: 8080`
			`selector:`
			`app: keycloak`
			`type: ClusterIP`
			`---`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`labels:`
			`app: keycloak`
			`name: keycloak`
			`namespace: keycloak`
			`annotations:`
			`argocd.argoproj.io/sync-wave: "10"`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app: keycloak`
			`template:`
			`metadata:`
			`labels:`
			`app: keycloak`
			`spec:`
			`containers:`
			`- args:`
			`- start-dev`
			`env:`
			`- name: KEYCLOAK_ADMIN`
			`value: cnoe-admin`
			`- name: KEYCLOAK_LOGLEVEL`
			`value: ALL`
			`- name: QUARKUS_TRANSACTION_MANAGER_ENABLE_RECOVERY`
			`value: 'true'`
			`envFrom:`
			`- secretRef:`
			`name: keycloak-config`
			`image: quay.io/keycloak/keycloak:22.0.3`
			`name: keycloak`
			`ports:`
			`- containerPort: 8080`
			`name: http`
			`readinessProbe:`
			`httpGet:`
			`path: /keycloak/realms/master`
			`port: 8080`
			`volumeMounts:`
			`- mountPath: /opt/keycloak/conf`
			`name: keycloak-config`
			`readOnly: true`
			`volumes:`
			`- configMap:`
			`name: keycloak-config`
			`name: keycloak-config`
			`---`
			`apiVersion: v1`
			`data:`
			`keycloak.conf: \|`
			`# Database`
			`# The database vendor.`
			`db=postgres`

			`# The username of the database user.`
			`db-url=jdbc:postgresql://postgresql.keycloak.svc.cluster.local:5432/postgres`

			`# The proxy address forwarding mode if the server is behind a reverse proxy.`
			`proxy=edge`

			`# hostname configuration`
Renamed placeholder to not overlap with the first replacement wave 2024-11-26 21:15:37 +00:00			`hostname={{ .Values.edfbuilderTargetDomain }}`
first commit 2024-11-20 14:18:39 +00:00			`http-relative-path=keycloak`

			`# the admin url requires its own configuration to reflect correct url`

			`hostname-debug=true`

			`# this should only be allowed in development. NEVER in production.`
			`hostname-strict=false`
			`hostname-strict-backchannel=false`


			`kind: ConfigMap`
			`metadata:`
			`name: keycloak-config`
			`namespace: keycloak`
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`labels:`
			`app: postgresql`
			`name: postgresql`
			`namespace: keycloak`
			`spec:`
			`clusterIP: None`
			`ports:`
			`- name: postgres`
			`port: 5432`
			`selector:`
			`app: postgresql`
			`---`
			`apiVersion: apps/v1`
			`kind: StatefulSet`
			`metadata:`
			`labels:`
			`app: postgresql`
			`name: postgresql`
			`namespace: keycloak`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app: postgresql`
			`serviceName: service-postgresql`
			`template:`
			`metadata:`
			`labels:`
			`app: postgresql`
			`spec:`
			`containers:`
			`- envFrom:`
			`- secretRef:`
			`name: keycloak-config`
			`image: docker.io/library/postgres:15.3-alpine3.18`
			`name: postgres`
			`ports:`
			`- containerPort: 5432`
			`name: postgresdb`
			`resources:`
			`limits:`
			`memory: 500Mi`
			`requests:`
			`cpu: 100m`
			`memory: 300Mi`
			`volumeMounts:`
			`- name: data`
			`mountPath: /var/lib/postgresql/data`
			`volumeClaimTemplates:`
			`- metadata:`
			`name: data`
			`spec:`
			`accessModes: ["ReadWriteOnce"]`
			`resources:`
			`requests:`
			`storage: "500Mi"`