streams-manifests/keycloak/base/keycloak-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: keycloak
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
      - name: keycloak
        # image: quay.io/keycloak/keycloak:23.0.1
        image: quay.io/keycloak/keycloak:26.1
        args:
        - "start"
        - "--hostname=https://keycloak.streams.sunet.se"
        - "--hostname-admin=https://keycloak.streams.sunet.se"
        - "--verbose"
        env:
        - name: KC_HTTP_ENABLED
          value: "true"
        - name: KC_HOSTNAME
          value: "keycloak.streams.sunet.se"
        - name: KC_HOSTNAME_ADMIN
          value: "https://keycloak.streams.sunet.se"
        - name: KC_HOSTNAME_STRICT
          value: "false"
        - name: KC_HOSTNAME_STRICT_HTTPS
          value: "false"
        - name: KEYCLOAK_USER
          value: admin
        - name: KEYCLOAK_PASSWORD
          valueFrom:
            secretKeyRef:
              name: keycloak-admin-secret
              key: password
        - name: KEYCLOAK_ADMIN
          value: "admin"
        - name: KEYCLOAK_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              name: keycloak-admin-secret
              key: password
        - name: KC_HEALTH_ENABLED
          value: "true"
        - name: KC_PROXY
          value: "edge"
        ports:
        - name: http
          containerPort: 8080
        # - name: https
        #   containerPort: 8443
        # readinessProbe:
        #   httpGet:
        #     path: /health/ready
        #     port: 9000
        #   initialDelaySeconds: 5 # Delay before the probe starts
        #   periodSeconds: 15
        #   timeoutSeconds: 3
        #   successThreshold: 1 # Number of successful probes to consider the pod ready
        #   failureThreshold: 5
        volumeMounts:
        - mountPath: /opt/keycloak/data/h2/
          name: storage
        - name: keycloak-tls-secret
          mountPath: /etc/ssl/certs
          readOnly: true
        securityContext:
          runAsUser: 1000
          runAsGroup: 1000
      volumes:
      - name: storage
        persistentVolumeClaim:
          claimName: keycloak-pvc
      - name: keycloak-tls-secret
        secret:
          secretName: keycloak-tls-secret
Add keyckloak 2025-01-30 12:03:55 +01:00			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: keycloak`
			`namespace: keycloak`
			`labels:`
			`app: keycloak`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app: keycloak`
			`template:`
			`metadata:`
			`labels:`
			`app: keycloak`
			`spec:`
			`containers:`
			`- name: keycloak`
			`# image: quay.io/keycloak/keycloak:23.0.1`
			`image: quay.io/keycloak/keycloak:26.1`
Update args & hostname 2025-01-30 17:21:42 +01:00			`args:`
			`- "start"`
Correct hostname, make it valid url Signed-off-by: Benedith Mulongo <benedith@sunet.se> 2025-01-30 18:17:55 +01:00			`- "--hostname=https://keycloak.streams.sunet.se"`
Correct hostname_admin, make it valid url Signed-off-by: Benedith Mulongo <benedith@sunet.se> 2025-01-30 18:14:05 +01:00			`- "--hostname-admin=https://keycloak.streams.sunet.se"`
Update args & hostname 2025-01-30 17:21:42 +01:00			`- "--verbose"`
Add keyckloak 2025-01-30 12:03:55 +01:00			`env:`
set env http-enabled to true & commenct readinessProbe Signed-off-by: Benedith Mulongo <benedith@sunet.se> 2025-01-30 16:10:28 +01:00			`- name: KC_HTTP_ENABLED`
			`value: "true"`
set hostname & remove strict Signed-off-by: Benedith Mulongo <benedith@sunet.se> 2025-01-30 16:34:41 +01:00			`- name: KC_HOSTNAME`
Correct hostname_admin, make it valid url Signed-off-by: Benedith Mulongo <benedith@sunet.se> 2025-01-30 18:14:05 +01:00			`value: "keycloak.streams.sunet.se"`
Update args & hostname 2025-01-30 17:23:45 +01:00			`- name: KC_HOSTNAME_ADMIN`
Correct hostname_admin, make it valid url Signed-off-by: Benedith Mulongo <benedith@sunet.se> 2025-01-30 18:14:05 +01:00			`value: "https://keycloak.streams.sunet.se"`
set hostname & remove strict Signed-off-by: Benedith Mulongo <benedith@sunet.se> 2025-01-30 16:34:41 +01:00			`- name: KC_HOSTNAME_STRICT`
Update args & hostname 2025-01-30 17:21:42 +01:00			`value: "false"`
Update args & hostname 2025-01-30 17:23:45 +01:00			`- name: KC_HOSTNAME_STRICT_HTTPS`
			`value: "false"`
Add verbose and env variables 2025-01-30 13:56:10 +01:00			`- name: KEYCLOAK_USER`
Add keyckloak 2025-01-30 12:03:55 +01:00			`value: admin`
Add verbose and env variables 2025-01-30 13:56:10 +01:00			`- name: KEYCLOAK_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
			`name: keycloak-admin-secret`
			`key: password`
			`- name: KEYCLOAK_ADMIN`
Update env Signed-off-by: Benedith Mulongo <benedith@sunet.se> 2025-01-30 15:17:19 +01:00			`value: "admin"`
Add verbose and env variables 2025-01-30 13:56:10 +01:00			`- name: KEYCLOAK_ADMIN_PASSWORD`
Add keyckloak 2025-01-30 12:03:55 +01:00			`valueFrom:`
			`secretKeyRef:`
			`name: keycloak-admin-secret`
			`key: password`
Update env Signed-off-by: Benedith Mulongo <benedith@sunet.se> 2025-01-30 15:17:19 +01:00			`- name: KC_HEALTH_ENABLED`
			`value: "true"`
comment all https Signed-off-by: Benedith Mulongo <benedith@sunet.se> 2025-01-30 15:44:11 +01:00			`- name: KC_PROXY`
			`value: "edge"`
Add keyckloak 2025-01-30 12:03:55 +01:00			`ports:`
			`- name: http`
			`containerPort: 8080`
comment all https Signed-off-by: Benedith Mulongo <benedith@sunet.se> 2025-01-30 15:44:11 +01:00			`# - name: https`
			`# containerPort: 8443`
set env http-enabled to true & commenct readinessProbe Signed-off-by: Benedith Mulongo <benedith@sunet.se> 2025-01-30 16:10:28 +01:00			`# readinessProbe:`
			`# httpGet:`
			`# path: /health/ready`
			`# port: 9000`
			`# initialDelaySeconds: 5 # Delay before the probe starts`
			`# periodSeconds: 15`
			`# timeoutSeconds: 3`
			`# successThreshold: 1 # Number of successful probes to consider the pod ready`
			`# failureThreshold: 5`
Add keyckloak 2025-01-30 12:03:55 +01:00			`volumeMounts:`
Fix docs & mountpath 2025-01-30 12:09:52 +01:00			`- mountPath: /opt/keycloak/data/h2/`
Add keyckloak 2025-01-30 12:03:55 +01:00			`name: storage`
Update tls-secret 2025-01-30 15:32:15 +01:00			`- name: keycloak-tls-secret`
Update to tls 2025-01-30 12:42:41 +01:00			`mountPath: /etc/ssl/certs`
			`readOnly: true`
Add security context for permission Signed-off-by: Benedith Mulongo <benedith@sunet.se> 2025-01-30 17:53:01 +01:00			`securityContext:`
			`runAsUser: 1000`
			`runAsGroup: 1000`
Add keyckloak 2025-01-30 12:03:55 +01:00			`volumes:`
			`- name: storage`
			`persistentVolumeClaim:`
			`claimName: keycloak-pvc`
Update tls-secret 2025-01-30 15:32:15 +01:00			`- name: keycloak-tls-secret`
Update to tls 2025-01-30 12:42:41 +01:00			`secret:`
			`secretName: keycloak-tls-secret`