---
# Namespace holding the Keycloak server and its PostgreSQL backend.
# NOTE(review): no pod-security.kubernetes.io/* labels are set here, so Pod
# Security Admission (where enabled) applies only the cluster-wide default to
# the workloads in this namespace. Confirm that default is acceptable for an
# identity provider.
apiVersion: v1
kind: Namespace
metadata:
  name: keycloak
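---
# ClusterIP Service in front of the Keycloak pods, plain HTTP on 8080.
# A Service selects pods only in its own namespace, and the Keycloak
# Deployment in this file is pinned to `keycloak`. The namespace is therefore
# stated explicitly, like every other namespaced resource in this file, instead
# of being inherited from whatever context applies the manifest.
# NOTE(review): traffic to this Service is unencrypted HTTP. keycloak.conf in
# this file sets proxy=edge, so TLS presumably terminates at a reverse proxy
# in front of it. Nothing in this file limits which pods may reach port 8080.
apiVersion: v1
kind: Service
metadata:
  name: keycloak
  namespace: keycloak
  labels:
    app: keycloak
spec:
  type: ClusterIP
  selector:
    app: keycloak
  ports:
    - name: http
      port: 8080
      targetPort: 8080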
---
# Single-replica Keycloak server, configured from the keycloak-config
# ConfigMap (keycloak.conf) and the keycloak-config Secret (environment).
# NOTE(review): the container is started with `start-dev`, Keycloak's
# development mode. Together with the hostname-strict=false settings in
# keycloak.conf this is a development profile, not a hardened one.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: keycloak
  labels:
    app: keycloak
  annotations:
    # Argo CD syncs lower waves first. The other resources in this file carry
    # no sync-wave annotation (wave 0), so this Deployment is applied after
    # them.
    argocd.argoproj.io/sync-wave: "10"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      # NOTE(review): no pod- or container-level securityContext is set
      # (runAsNonRoot, allowPrivilegeEscalation, capabilities, seccompProfile),
      # and the container declares no resource requests or limits.
      containers:
        - name: keycloak
          # Pinned by tag only. A digest pin (image@sha256:...) would make the
          # deployed bits immutable.
          image: quay.io/keycloak/keycloak:22.0.3
          args:
            - start-dev
          env:
            # Bootstrap admin user name. The matching password is not in this
            # file and presumably comes from the Secret below. TODO confirm.
            - name: KEYCLOAK_ADMIN
              value: cnoe-admin
            # NOTE(review): this looks like the legacy variable name. The
            # Quarkus-based image documents KC_LOG_LEVEL, so confirm whether
            # this has any effect. If it does, ALL-level logging on an
            # identity provider can write sensitive request data to the logs.
            - name: KEYCLOAK_LOGLEVEL
              value: ALL
            # Quoted because env values must be strings, not YAML booleans.
            - name: QUARKUS_TRANSACTION_MANAGER_ENABLE_RECOVERY
              value: "true"
          envFrom:
            # Every key of this Secret becomes an environment variable. The
            # PostgreSQL StatefulSet in this file imports the same Secret, so
            # each container also receives the other's values. Separate
            # Secrets or explicit secretKeyRef entries would narrow that.
            - secretRef:
                name: keycloak-config
          ports:
            - name: http
              containerPort: 8080
          # Readiness only. No livenessProbe is defined. The path includes
          # the `keycloak` prefix set by http-relative-path in keycloak.conf.
          readinessProbe:
            httpGet:
              path: /keycloak/realms/master
              port: 8080
          volumeMounts:
            # Mounted without subPath, so the ConfigMap's keys replace the
            # image's own contents of /opt/keycloak/conf.
            - name: keycloak-config
              mountPath: /opt/keycloak/conf
              readOnly: true
      volumes:
        - name: keycloak-config
          configMap:
            name: keycloak-config
---
# keycloak.conf for the Keycloak Deployment, which mounts this ConfigMap at
# /opt/keycloak/conf. It shares its name with the Secret `keycloak-config`
# referenced via envFrom. They are different kinds, and the Secret is not
# defined in this file.
#
# Review notes on the embedded configuration. They are kept out of the block
# scalar so the rendered keycloak.conf stays byte-identical.
# - No database credentials appear here. They presumably arrive through the
#   Secret. TODO confirm. The embedded comment above db-url says "username",
#   but the line sets the JDBC URL.
# - db-url carries no ssl/sslmode parameter, so TLS to PostgreSQL is not
#   required by this configuration.
# - proxy=edge means Keycloak speaks HTTP behind a TLS-terminating proxy and
#   relies on the forwarding headers it sets. Only that proxy should be able
#   to reach port 8080. No NetworkPolicy in this file enforces it.
# - hostname-debug=true, hostname-strict=false and
#   hostname-strict-backchannel=false are development settings, as the
#   embedded comment itself says. Revisit them before any production use.
# - `{{ .Values.edfbuilderTargetDomain }}` is a template placeholder that
#   must be rendered before this manifest is applied.
apiVersion: v1
kind: ConfigMap
metadata:
  name: keycloak-config
  namespace: keycloak
data:
  keycloak.conf: |
    # Database
    # The database vendor.
    db=postgres

    # The username of the database user.
    db-url=jdbc:postgresql://postgresql.keycloak.svc.cluster.local:5432/postgres

    # The proxy address forwarding mode if the server is behind a reverse proxy.
    proxy=edge

    # hostname configuration
    hostname={{ .Values.edfbuilderTargetDomain }}
    http-relative-path=keycloak

    # the admin url requires its own configuration to reflect correct url

    hostname-debug=true

    # this should only be allowed in development. NEVER in production.
    hostname-strict=false
    hostname-strict-backchannel=false
---
# Headless Service (clusterIP: None) for the PostgreSQL pod. Its DNS name,
# postgresql.keycloak.svc.cluster.local, is the host used in keycloak.conf's
# db-url and resolves straight to the pod IP(s) selected below.
# NOTE(review): no NetworkPolicy in this file restricts access to 5432.
# Only the Keycloak pods need to reach the database.
apiVersion: v1
kind: Service
metadata:
  name: postgresql
  namespace: keycloak
  labels:
    app: postgresql
spec:
  clusterIP: None
  selector:
    app: postgresql
  ports:
    # No targetPort is given, so it defaults to the same value as port.
    - name: postgres
      port: 5432
---
# Single-replica PostgreSQL backing store for Keycloak, with a 500Mi
# persistent volume claimed per pod.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgresql
  namespace: keycloak
  labels:
    app: postgresql
spec:
  replicas: 1
  # NOTE(review): serviceName should name the governing headless Service, but
  # the only Service selecting these pods in this file is `postgresql`. With
  # this value the per-pod DNS names are not published. Keycloak connects via
  # the Service name, so it is unaffected. The field is immutable on an
  # existing StatefulSet, so it is left unchanged here.
  serviceName: service-postgresql
  selector:
    matchLabels:
      app: postgresql
  template:
    metadata:
      labels:
        app: postgresql
    spec:
      # NOTE(review): no securityContext and no liveness/readiness probes are
      # defined for this pod.
      containers:
        - name: postgres
          # Pinned by tag only. A digest pin (image@sha256:...) would make the
          # deployed bits immutable.
          image: docker.io/library/postgres:15.3-alpine3.18
          envFrom:
            # Same Secret as the Keycloak Deployment. Every key it holds is
            # exported into this container too, including any that only
            # Keycloak needs. Splitting the Secret would limit exposure.
            - secretRef:
                name: keycloak-config
          ports:
            - name: postgresdb
              containerPort: 5432
          resources:
            requests:
              cpu: 100m
              memory: 300Mi
            # Memory is capped. No CPU limit is set.
            limits:
              memory: 500Mi
          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql/data
  volumeClaimTemplates:
    # No storageClassName is given, so the cluster's default StorageClass is
    # used. Encryption at rest depends on that class.
    - metadata:
        name: data
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 500Mi