---
# StatefulSet for the "cascade" Keycloak instance (single replica).
# Secrets referenced: keycloak-admin (username/password), keycloakdb-pguser-keycloakdb
# (user/password) and keycloak-tls (tls.crt/tls.key). CA material comes from the
# ca-bundle ConfigMap and is converted to a JKS truststore by an init container.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: cascade
  namespace: keycloak
  labels:
    app: keycloak
  annotations:
    # Stakater Reloader: restart the pods when a referenced ConfigMap/Secret changes.
    # Relevant here because ca-bundle.crt and the JKS are mounted via subPath, and
    # subPath mounts are never refreshed in place by the kubelet.
    reloader.stakater.com/auto: "true"
spec:
  replicas: 1
  podManagementPolicy: OrderedReady
  serviceName: keycloak
  selector:
    matchLabels:
      app: keycloak
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      partition: 0
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      # Empty pod securityContext: no runAsNonRoot, fsGroup or seccomp profile is set,
      # and neither container declares its own securityContext (allowPrivilegeEscalation,
      # readOnlyRootFilesystem, capabilities are all left at defaults).
      securityContext: {}
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      terminationGracePeriodSeconds: 30
      hostAliases:
        # Static /etc/hosts entry; the IP is hard-coded and bypasses cluster DNS.
        - ip: 172.16.34.1
          hostnames:
            - cascade.strudelline.net
      initContainers:
        # Builds /ca-transfer/ca-bundle.jks from the PEM bundle for the main container.
        # No image tag or digest: resolves to :latest, so the supply chain is not pinned.
        - name: create-ca-jks
          image: jamesandariese/pembundle2jks
          command: ["pembundle2jks", "-o", "/ca-transfer/ca-bundle.jks", "/etc/ssl/certs/ca-bundle.crt"]
          volumeMounts:
            - name: ca-bundle
              mountPath: /etc/ssl/certs/ca-bundle.crt
              subPath: ca-bundle.crt
            - name: ca-transfer
              mountPath: /ca-transfer
        # Receives the same database credentials as the main container. What it does with
        # them is not visible from this manifest — presumably removes a stale admin account;
        # verify against the image. Also unpinned (no tag/digest).
        - name: delete-admin
          image: jamesandariese/keycloak-delete-admin
          env:
            - name: KC_DB
              value: postgres
            - name: KC_DB_USERNAME
              valueFrom:
                secretKeyRef:
                  name: keycloakdb-pguser-keycloakdb
                  key: user
            - name: KC_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloakdb-pguser-keycloakdb
                  key: password
            - name: KC_DB_URL_DATABASE
              value: keycloakdb
            - name: KC_DB_URL_HOST
              value: keycloakdb-primary.keycloak.svc
      containers:
        - name: keycloak
          # Pinned tag with imagePullPolicy Always; a digest would make the pin immutable.
          image: quay.io/keycloak/keycloak:21.0.0
          imagePullPolicy: Always
          args:
            - start
          env:
            # "edge": Keycloak expects a TLS-terminating reverse proxy in front of it and
            # trusts the X-Forwarded-* headers that proxy sends; plain HTTP on 8080 is
            # enabled for that path. HTTPS on 8443 is still served (the probes use it).
            - name: KC_PROXY
              value: edge
            - name: KC_HEALTH_ENABLED
              value: "true"
            # Bootstrap admin credentials; only consumed on first start of an empty realm.
            - name: KEYCLOAK_ADMIN
              valueFrom:
                secretKeyRef:
                  name: keycloak-admin
                  key: username
            - name: KEYCLOAK_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-admin
                  key: password
            - name: KC_HOSTNAME
              value: auth.werts.us
            - name: KC_HTTP_PORT
              value: "8080"
            - name: KC_HTTPS_PORT
              value: "8443"
            - name: KC_HTTPS_CERTIFICATE_FILE
              value: /mnt/certificates/tls.crt
            - name: KC_HTTPS_CERTIFICATE_KEY_FILE
              value: /mnt/certificates/tls.key
            # Truststore produced by the create-ca-jks init container (tmpfs, see volumes).
            - name: KC_HTTPS_TRUST_STORE_FILE
              value: /ca-transfer/ca-bundle.jks
            # The store only carries public CA certificates, so this password protects
            # integrity rather than confidentiality. "changeit" is the conventional Java
            # default — presumably what pembundle2jks writes with; confirm if the tool changes.
            - name: KC_HTTPS_TRUST_STORE_PASSWORD
              value: changeit
            - name: KC_DB
              value: postgres
            - name: KC_DB_USERNAME
              valueFrom:
                secretKeyRef:
                  name: keycloakdb-pguser-keycloakdb
                  key: user
            - name: KC_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloakdb-pguser-keycloakdb
                  key: password
            - name: KC_DB_URL_DATABASE
              value: keycloakdb
            - name: KC_DB_URL_HOST
              value: keycloakdb-primary.keycloak.svc
          ports:
            - containerPort: 8443
              protocol: TCP
            - containerPort: 8080
              protocol: TCP
          # No startupProbe, so both probes use very large failureThresholds to survive
          # Keycloak's start-up: liveness tolerates 150 x 2s = 300s of failures, readiness
          # 250 x 2s = 500s, each after a 20s initial delay.
          livenessProbe:
            httpGet:
              path: /health/live
              port: 8443
              scheme: HTTPS
            initialDelaySeconds: 20
            periodSeconds: 2
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 150
          readinessProbe:
            httpGet:
              path: /health/ready
              port: 8443
              scheme: HTTPS
            initialDelaySeconds: 20
            periodSeconds: 2
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 250
          # No requests/limits: the pod runs in the BestEffort QoS class and is first in
          # line for eviction under node pressure.
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - name: keycloak-tls-certificates
              mountPath: /mnt/certificates
            - name: ca-bundle
              mountPath: /etc/ssl/certs/ca-bundle.crt
              subPath: ca-bundle.crt
            # The generated JKS also replaces the system-wide Java cacerts file.
            - name: ca-transfer
              mountPath: /etc/pki/ca-trust/extracted/java/cacerts
              subPath: ca-bundle.jks
            - name: ca-transfer
              mountPath: /ca-transfer
            # Mounted read-write (no readOnly flag) over the image's themes directory.
            - name: themes
              mountPath: /opt/keycloak/themes
      volumes:
        - name: keycloak-tls-certificates
          secret:
            secretName: keycloak-tls
            optional: false
            # 420 decimal = 0644: tls.key is readable by every uid inside the pod.
            # Tightening this (0440/0400) needs an fsGroup in the pod securityContext
            # (none is set) so the Keycloak process keeps read access.
            defaultMode: 420
        - name: ca-bundle
          configMap:
            name: ca-bundle
        # Themes from NFS, server IP hard-coded; exported read-write to this pod.
        - name: themes
          nfs:
            server: 172.16.18.1
            path: /volume1/k8s-volumes/keycloak-themes
        # tmpfs-backed scratch space for the JKS; never written to node disk and the
        # 50Mi limit counts against the pod's memory accounting.
        - name: ca-transfer
          emptyDir:
            medium: Memory
            sizeLimit: 50Mi