---
apiVersion: v1
kind: Namespace
metadata:
  name: keycloak
---
apiVersion: v1
kind: Service
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  ports:
    - name: http
      port: 8080
      targetPort: 8080
  selector:
    app: keycloak
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: keycloak
  name: keycloak
  namespace: keycloak
  annotations:
    argocd.argoproj.io/sync-wave: "10"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - args:
            - start-dev
          env:
            - name: KEYCLOAK_ADMIN
              value: cnoe-admin
            - name: KEYCLOAK_LOGLEVEL
              value: ALL
            - name: QUARKUS_TRANSACTION_MANAGER_ENABLE_RECOVERY
              value: 'true'
          envFrom:
            - secretRef:
                name: keycloak-config
          image: quay.io/keycloak/keycloak:22.0.3
          name: keycloak
          ports:
            - containerPort: 8080
              name: http
          readinessProbe:
            httpGet:
              path: /keycloak/realms/master
              port: 8080
          volumeMounts:
            - mountPath: /opt/keycloak/conf
              name: keycloak-config
              readOnly: true
      volumes:
        - configMap:
            name: keycloak-config
          name: keycloak-config
---
apiVersion: v1
data:
  keycloak.conf: |
    # Database
    # The database vendor.
    db=postgres
    
    # The username of the database user.
    db-url=jdbc:postgresql://postgresql.keycloak.svc.cluster.local:5432/postgres

    # The proxy address forwarding mode if the server is behind a reverse proxy.
    proxy=edge
    
    # hostname configuration
    hostname={{ .Values.edfbuilderTargetDomain }}
    http-relative-path=keycloak
    
    # the admin url requires its own configuration to reflect correct url
    
    hostname-debug=true
    
    # this should only be allowed in development. NEVER in production.
    hostname-strict=false
    hostname-strict-backchannel=false
    

kind: ConfigMap
metadata:
  name: keycloak-config
  namespace: keycloak
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: postgresql
  name: postgresql
  namespace: keycloak
spec:
  clusterIP: None
  ports:
    - name: postgres
      port: 5432
  selector:
    app: postgresql
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app: postgresql
  name: postgresql
  namespace: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgresql
  serviceName: service-postgresql
  template:
    metadata:
      labels:
        app: postgresql
    spec:
      containers:
        - envFrom:
            - secretRef:
                name: keycloak-config
          image: docker.io/library/postgres:15.3-alpine3.18
          name: postgres
          ports:
            - containerPort: 5432
              name: postgresdb
          resources:
            limits:
              memory: 500Mi
            requests:
              cpu: 100m
              memory: 300Mi
          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql/data
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: "500Mi"