add fsGroup

2025-01-31 11:12:41 +01:00 · 2025-01-31 11:12:41 +01:00 · ca1c423020
commit ca1c423020
parent 56b8805f97
2 changed files with 53 additions and 52 deletions
--- a/keycloak/base/keycloak-deployment.yaml
+++ b/keycloak/base/keycloak-deployment.yaml
@ -15,56 +15,57 @@ spec:
      labels:
        app: keycloak
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
      containers:
-      - name: keycloak
+        - name: keycloak
-        image: quay.io/keycloak/keycloak:26.1
+          image: quay.io/keycloak/keycloak:26.1
-        args:
+          args:
-        - "start"
+            - "start"
-        - "--verbose"
+            - "--verbose"
-        env:
+          env:
-        - name: KC_HOSTNAME_STRICT
+            - name: KC_HOSTNAME_STRICT
-          value: "false"
+              value: "false"
-        - name: KC_HOSTNAME_STRICT_HTTPS
+            - name: KC_HOSTNAME_STRICT_HTTPS
-          value: "false"
+              value: "false"
-        - name: KC_HTTP_ENABLED
+            - name: KC_HTTP_ENABLED
-          value: "true"
+              value: "true"
-        - name: KEYCLOAK_USER
+            - name: KEYCLOAK_USER
-          value: admin
+              value: admin
-        - name: KEYCLOAK_PASSWORD
+            - name: KEYCLOAK_PASSWORD
-          valueFrom:
+              valueFrom:
-            secretKeyRef:
+                secretKeyRef:
-              name: keycloak-admin-secret
+                  name: keycloak-admin-secret
-              key: password
+                  key: password
-        - name: KC_BOOTSTRAP_ADMIN_USERNAME
+            - name: KC_BOOTSTRAP_ADMIN_USERNAME
-          value: "admin"
+              value: "admin"
-        - name: KC_BOOTSTRAP_ADMIN_PASSWORD
+            - name: KC_BOOTSTRAP_ADMIN_PASSWORD
-          valueFrom:
+              valueFrom:
-            secretKeyRef:
+                secretKeyRef:
-              name: keycloak-admin-secret
+                  name: keycloak-admin-secret
-              key: password
+                  key: password
-        - name: KC_HEALTH_ENABLED
+            - name: KC_HEALTH_ENABLED
-          value: "true"
+              value: "true"
-        - name: KC_PROXY
+            - name: KC_PROXY
-          value: "edge"
+              value: "edge"
-        ports:
+          ports:
-        - name: http
+            - name: http
-          containerPort: 8080
+              containerPort: 8080
-        readinessProbe:
+          readinessProbe:
-          httpGet:
+            httpGet:
-            path: /health/ready
+              path: /health/ready
-            port: 9000
+              port: 9000
-          initialDelaySeconds: 15 # Delay before the probe starts
+            initialDelaySeconds: 15 # Delay before the probe starts
-          periodSeconds: 15
+            periodSeconds: 15
-          timeoutSeconds: 3
+            timeoutSeconds: 3
-          successThreshold: 1 # Number of successful probes to consider the pod ready
+            successThreshold: 1 # Number of successful probes to consider the pod ready
-          failureThreshold: 5
+            failureThreshold: 5
-        volumeMounts:
+          volumeMounts:
-          - mountPath: /opt/keycloak/data/h2/
+            - mountPath: /opt/keycloak/data/h2/
-            name: storage
+              name: storage
        securityContext:
          runAsUser: 1000
          runAsGroup: 1000
      volumes:
-      - name: storage
+        - name: storage
-        persistentVolumeClaim:
+          persistentVolumeClaim:
-          claimName: keycloak-pvc
+            claimName: keycloak-pvc
--- a/keycloak/keycloak-application.yaml
+++ b/keycloak/keycloak-application.yaml
@ -7,7 +7,7 @@ spec:
  project: default
  source:
    repoURL: https://platform.sunet.se/streams/streams-manifests.git
-    targetRevision: streams-manifests-2025-01-31-v17
+    targetRevision: streams-manifests-2025-01-31-v18
    path: keycloak/overlays/test
  destination:
    server: https://kubernetes.default.svc