-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathkeycloak.yml
79 lines (79 loc) · 2.22 KB
/
keycloak.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: keycloak
labels:
app: keycloak
component: authentication
spec:
serviceName: svc-keycloak
podManagementPolicy: Parallel # Default is OrderedReady
replicas: 1 # Default is 1
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: keycloak # Has to match .spec.template.metadata.labels
component: authentication
template:
metadata:
labels:
app: keycloak # Has to match .spec.selector.matchLabels
component: authentication
spec:
terminationGracePeriodSeconds: 10
# affinity:
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchExpressions:
# - key: app
# operator: In
# values:
# - keycloak
# topologyKey: "kubernetes.io/hostname"
containers:
- name: keycloak
image: jboss/keycloak:latest
imagePullPolicy: Always
env:
- name: KEYCLOAK_USER
valueFrom:
secretKeyRef:
name: keycloak-secret
key: keycloak-user
- name: KEYCLOAK_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-secret
key: keycloak-password
- name: KEYCLOAK_IMPORT
value: "/etc/keycloak-realms.json -Dkeycloak.profile.feature.upload_scripts=enabled"
- name: PROXY_ADDRESS_FORWARDING
value: "true"
ports:
- containerPort: 8080
name: http
protocol: TCP
- containerPort: 8443
name: https
protocol: TCP
readinessProbe:
httpGet:
path: /auth/realms/master
port: http
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 30
failureThreshold: 3
successThreshold: 1
volumeMounts:
- name: keycloak-realms
mountPath: /etc/keycloak-realms.json
subPath: keycloak-realms.json
readOnly: false
volumes:
- name: keycloak-realms
configMap:
name: keycloak-realms