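---
# Keycloak 21 StatefulSet ("cascade") backed by a Postgres database in the same
# namespace. TLS is terminated in the pod (KC_HTTPS_*), but KC_PROXY=edge means
# Keycloak also trusts X-Forwarded-* headers from whatever reaches it directly,
# so ingress to this pod must be restricted to the reverse proxy (NetworkPolicy).
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app: keycloak
  annotations:
    # stakater reloader: any change to the referenced Secrets/ConfigMaps
    # (admin password, TLS cert, CA bundle, DB creds) rolls the pod.
    reloader.stakater.com/auto: "true"
  name: cascade
  namespace: keycloak
spec:
  podManagementPolicy: OrderedReady
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  serviceName: "keycloak"
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      initContainers:
        # Converts the PEM CA bundle from the ConfigMap into a JKS truststore in
        # the shared in-memory emptyDir, for use as the Keycloak/JVM truststore.
        # NOTE(review): no tag/digest -> resolves to a mutable ":latest" from a
        # personal registry namespace; pin by digest before relying on it.
        - name: create-ca-jks
          command: ["pembundle2jks", "-o", "/ca-transfer/ca-bundle.jks", "/etc/ssl/certs/ca-bundle.crt"]
          image: jamesandariese/pembundle2jks
          volumeMounts:
            - mountPath: /etc/ssl/certs/ca-bundle.crt
              name: ca-bundle
              subPath: ca-bundle.crt
            - mountPath: /ca-transfer
              name: ca-transfer
        # Receives full DB credentials; presumably removes the bootstrap admin
        # user so KEYCLOAK_ADMIN* below recreates it from the current secret on
        # every start — confirm against the image. Same pinning concern as above:
        # an unpinned image holding the DB password is a supply-chain exposure.
        - name: delete-admin
          image: jamesandariese/keycloak-delete-admin
          env:
            - name: KC_DB
              value: postgres
            - name: KC_DB_USERNAME
              valueFrom:
                secretKeyRef:
                  key: user
                  name: keycloakdb-pguser-keycloakdb
            - name: KC_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: keycloakdb-pguser-keycloakdb
            - name: KC_DB_URL_DATABASE
              value: keycloakdb
            - name: KC_DB_URL_HOST
              value: keycloakdb-primary.keycloak.svc
      containers:
        - name: keycloak
          # Pinned to a specific patch release; 21.0.0 predates this manifest
          # considerably, so track a currently supported release. Prefer a
          # digest pin in addition to the tag.
          image: quay.io/keycloak/keycloak:21.0.0
          imagePullPolicy: Always
          args:
            - start
          env:
            # "edge": Keycloak accepts plaintext from the proxy and trusts
            # X-Forwarded-For/Proto/Host. Anything that can reach :8080/:8443
            # directly can spoof those headers — lock down ingress at L3/L4.
            - name: KC_PROXY
              value: edge
            # /health/* is served on the public listener in this version;
            # do not expose it through the proxy unless intended.
            - name: KC_HEALTH_ENABLED
              value: "true"
            # Bootstrap admin for the master realm, sourced from a Secret.
            - name: KEYCLOAK_ADMIN
              valueFrom:
                secretKeyRef:
                  key: username
                  name: keycloak-admin
            - name: KEYCLOAK_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: keycloak-admin
            - name: KC_HOSTNAME
              value: auth.werts.us
            - name: KC_HTTP_PORT
              value: "8080"
            - name: KC_HTTPS_PORT
              value: "8443"
            - name: KC_HTTPS_CERTIFICATE_FILE
              value: /mnt/certificates/tls.crt
            - name: KC_HTTPS_CERTIFICATE_KEY_FILE
              value: /mnt/certificates/tls.key
            - name: KC_HTTPS_TRUST_STORE_FILE
              value: /ca-transfer/ca-bundle.jks
            # JDK default password. The truststore holds only public CA certs
            # generated by the init container, so this guards integrity of the
            # file, not a secret; it must match what pembundle2jks uses.
            - name: KC_HTTPS_TRUST_STORE_PASSWORD
              value: changeit
            - name: KC_DB
              value: postgres
            - name: KC_DB_USERNAME
              valueFrom:
                secretKeyRef:
                  key: user
                  name: keycloakdb-pguser-keycloakdb
            - name: KC_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: keycloakdb-pguser-keycloakdb
            - name: KC_DB_URL_DATABASE
              value: keycloakdb
            - name: KC_DB_URL_HOST
              value: keycloakdb-primary.keycloak.svc
          ports:
            - containerPort: 8443
              protocol: TCP
            # Plaintext listener kept for the proxy (KC_PROXY=edge).
            - containerPort: 8080
              protocol: TCP
          livenessProbe:
            failureThreshold: 150
            httpGet:
              path: /health/live
              port: 8443
              scheme: HTTPS
            initialDelaySeconds: 20
            periodSeconds: 2
            successThreshold: 1
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 250
            httpGet:
              path: /health/ready
              port: 8443
              scheme: HTTPS
            initialDelaySeconds: 20
            periodSeconds: 2
            successThreshold: 1
            timeoutSeconds: 1
          # No requests/limits: the JVM can consume the node. Set limits once
          # a baseline is measured; values are not invented here.
          resources: {}
          # Hardening for the main container only: the init images' UIDs are
          # unknown, so they are not constrained. The official Keycloak image
          # runs as numeric UID 1000, which satisfies runAsNonRoot. Keycloak
          # binds unprivileged ports and writes to /opt/keycloak/data, so no
          # capabilities and no read-only root FS are assumed.
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /mnt/certificates
              name: keycloak-tls-certificates
              readOnly: true
            - mountPath: /etc/ssl/certs/ca-bundle.crt
              name: ca-bundle
              subPath: ca-bundle.crt
              readOnly: true
            # Replaces the system JVM cacerts with the generated bundle.
            - mountPath: /etc/pki/ca-trust/extracted/java/cacerts
              name: ca-transfer
              subPath: ca-bundle.jks
              readOnly: true
            - mountPath: /ca-transfer
              name: ca-transfer
              readOnly: true
            # Themes contain FreeMarker templates executed server-side: write
            # access to this export is code execution in Keycloak. The pod only
            # reads themes, so mount read-only; protect the NFS export itself.
            - mountPath: /opt/keycloak/themes
              name: themes
              readOnly: true
      dnsPolicy: ClusterFirst
      # Static /etc/hosts entry; bypasses cluster DNS for this name.
      hostAliases:
        - hostnames:
            - cascade.strudelline.net
          ip: 172.16.34.1
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        # Supplemental group so UID 1000 can read the 0440 TLS key below
        # (Secret files are root-owned). Adjust if the image UID changes.
        fsGroup: 1000
      terminationGracePeriodSeconds: 30
      volumes:
        - name: keycloak-tls-certificates
          secret:
            # 288 == 0440: previously 420 (0644), which left tls.key readable by
            # every UID in the container. Relies on fsGroup above.
            defaultMode: 288
            optional: false
            secretName: keycloak-tls
        - name: ca-bundle
          configMap:
            name: ca-bundle
        # Unauthenticated NFS by IP; see the themes volumeMount note.
        - name: themes
          nfs:
            path: /volume1/k8s-volumes/keycloak-themes
            server: 172.16.18.1
            readOnly: true
        # tmpfs scratch for the generated truststore; written by create-ca-jks,
        # read by keycloak.
        - name: ca-transfer
          emptyDir:
            medium: Memory
            sizeLimit: 50Mi
  updateStrategy:
    rollingUpdate:
      partition: 0
    type: RollingUpdate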