apiVersion: apps/v1 kind: Deployment metadata: name: keycloak namespace: keycloak labels: app: keycloak spec: replicas: 1 selector: matchLabels: app: keycloak template: metadata: labels: app: keycloak spec: containers: - name: keycloak # image: quay.io/keycloak/keycloak:23.0.1 image: quay.io/keycloak/keycloak:26.1 args: [ "start" ] # args: # - "start" # # - "--https-certificate-file=/etc/ssl/certs/cert.pem"+ # # - "--https-certificate-key-file=/etc/ssl/certs/key.pem" # - "--verbose" env: - name: KC_HTTP_ENABLED value: "true" - name: KEYCLOAK_USER value: admin - name: KEYCLOAK_PASSWORD valueFrom: secretKeyRef: name: keycloak-admin-secret key: password - name: KEYCLOAK_ADMIN value: "admin" - name: KEYCLOAK_ADMIN_PASSWORD valueFrom: secretKeyRef: name: keycloak-admin-secret key: password - name: KC_HEALTH_ENABLED value: "true" - name: KC_PROXY value: "edge" ports: - name: http containerPort: 8080 # - name: https # containerPort: 8443 # readinessProbe: # httpGet: # path: /health/ready # port: 9000 # initialDelaySeconds: 5 # Delay before the probe starts # periodSeconds: 15 # timeoutSeconds: 3 # successThreshold: 1 # Number of successful probes to consider the pod ready # failureThreshold: 5 volumeMounts: - mountPath: /opt/keycloak/data/h2/ name: storage - name: keycloak-tls-secret mountPath: /etc/ssl/certs readOnly: true # command: # # - /opt/keycloak/bin/kc.sh # - start # - --https-certificate-file=/etc/ssl/certs/cert.pem # - --https-certificate-key-file=/etc/ssl/certs/key.pem # - --verbose volumes: - name: storage persistentVolumeClaim: claimName: keycloak-pvc - name: keycloak-tls-secret secret: secretName: keycloak-tls-secret