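---
# Keycloak Deployment: one replica of the 26.1 image in `start` mode, serving
# plain HTTP on 8080 with the public hostname fixed to
# keycloak.streams.sunet.se. TLS is presumably terminated by an ingress or
# proxy in front of the pod (KC_PROXY is "edge") - confirm.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: keycloak
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          # image: quay.io/keycloak/keycloak:23.0.1
          # NOTE(review): 26.1 is a floating tag; pinning the image by digest
          # keeps rollouts reproducible and verifiable.
          image: quay.io/keycloak/keycloak:26.1
          # The hostname settings are repeated under env below; keep the two
          # in sync (command-line values are expected to take precedence).
          args:
            - "start"
            - "--hostname=keycloak.streams.sunet.se"
            - "--hostname-admin=https://keycloak.streams.sunet.se"
            - "--verbose"
          env:
            # Plain HTTP inside the cluster. Anything that can reach 8080
            # directly bypasses the TLS-terminating proxy, so restrict
            # ingress to this pod (for example with a NetworkPolicy).
            - name: KC_HTTP_ENABLED
              value: "true"
            - name: KC_HOSTNAME
              value: "keycloak.streams.sunet.se"
            - name: KC_HOSTNAME_ADMIN
              value: "https://keycloak.streams.sunet.se"
            # NOTE(review): Keycloak recommends strict hostname checking in
            # production unless the proxy overwrites the Host header -
            # confirm "false" is still needed with KC_HOSTNAME set.
            - name: KC_HOSTNAME_STRICT
              value: "false"
            # NOTE(review): hostname-v1 option; not expected to be recognised
            # by 26.x - confirm and remove.
            - name: KC_HOSTNAME_STRICT_HTTPS
              value: "false"
            # NOTE(review): KEYCLOAK_USER / KEYCLOAK_PASSWORD are the legacy
            # (WildFly distribution) names; the Quarkus-based image is not
            # expected to read them - confirm and drop.
            - name: KEYCLOAK_USER
              value: "admin"
            - name: KEYCLOAK_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-admin-secret
                  key: password
            # NOTE(review): deprecated in 26 in favour of
            # KC_BOOTSTRAP_ADMIN_USERNAME / KC_BOOTSTRAP_ADMIN_PASSWORD. The
            # bootstrap admin is meant to be temporary: create a named admin
            # account, then remove this one.
            - name: KEYCLOAK_ADMIN
              value: "admin"
            - name: KEYCLOAK_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-admin-secret
                  key: password
            - name: KC_HEALTH_ENABLED
              value: "true"
            # NOTE(review): the `proxy` option was deprecated in Keycloak 24
            # in favour of KC_PROXY_HEADERS (forwarded / xforwarded) and is
            # believed to be gone in 26 - check the upgrade notes. If this is
            # ignored, forwarded client addresses are not honoured; if
            # proxy-header trust is enabled, make sure only the proxy can
            # reach the pod.
            - name: KC_PROXY
              value: "edge"
          ports:
            - name: http
              containerPort: 8080
            # - name: https
            #   containerPort: 8443
          # readinessProbe:
          #   httpGet:
          #     path: /health/ready
          #     port: 9000
          #   initialDelaySeconds: 5  # Delay before the probe starts
          #   periodSeconds: 15
          #   timeoutSeconds: 3
          #   successThreshold: 1  # Number of successful probes to consider the pod ready
          #   failureThreshold: 5
          volumeMounts:
            # Embedded H2 database files. NOTE(review): Keycloak documents H2
            # as a development database; an external database is expected
            # for production use.
            - mountPath: /opt/keycloak/data/h2/
              name: storage
            # NOTE(review): this mount shadows whatever the image ships in
            # /etc/ssl/certs, and if keycloak-tls-secret is a
            # kubernetes.io/tls secret its private key is exposed there too.
            # Nothing in this manifest points Keycloak at these files -
            # confirm the mount is needed; if it only supplies a CA to trust,
            # mount just that certificate under a dedicated path.
            - name: keycloak-tls-secret
              mountPath: /etc/ssl/certs
              readOnly: true
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            # Hardening: the server runs as an unprivileged UID on a high
            # port, so it needs no capabilities or privilege escalation.
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
      volumes:
        - name: storage
          persistentVolumeClaim:
            claimName: keycloak-pvc
        - name: keycloak-tls-secret
          secret:
            secretName: keycloak-tls-secret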