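---
# Keycloak Deployment: one replica in the `keycloak` namespace.
# The container serves plain HTTP on 8080 and is probed on /health/ready:9000.
# The https:// hostname plus KC_PROXY=edge suggest TLS is terminated by a
# reverse proxy in front of the pod (presumably an Ingress; not shown here).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: keycloak
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          # image: quay.io/keycloak/keycloak:23.0.1
          # NOTE(review): `26.1` is a mutable tag. For a reproducible,
          # tamper-evident rollout pin the verified digest, e.g.
          # quay.io/keycloak/keycloak@sha256:<DIGEST_PLACEHOLDER>.
          image: quay.io/keycloak/keycloak:26.1
          args:
            - "start"
            # NOTE(review): --verbose prints detailed error output; confirm it
            # is wanted outside of troubleshooting.
            - "--verbose"
          env:
            # Plain HTTP listener. Traffic between the proxy and this pod is
            # unencrypted; nothing here sets KC_HTTPS_CERTIFICATE_FILE /
            # KC_HTTPS_CERTIFICATE_KEY_FILE, so the mounted TLS secret does not
            # appear to be used by Keycloak itself.
            - name: KC_HTTP_ENABLED
              value: "true"
            - name: KC_HOSTNAME
              value: "https://keycloak.streams.sunet.se"
            - name: KC_HOSTNAME_ADMIN
              value: "https://keycloak.streams.sunet.se"
            # NOTE(review): the admin console shares the public hostname, so it
            # is reachable wherever the login pages are; restrict /admin at the
            # proxy if that is not intended.
            - name: KC_HOSTNAME_STRICT
              value: "false"
            # NOTE(review): looks like a hostname-v1 option; verify that 26.1
            # still reads it.
            - name: KC_HOSTNAME_STRICT_HTTPS
              value: "false"
            # NOTE(review): KEYCLOAK_USER / KEYCLOAK_PASSWORD look like legacy
            # (pre-Quarkus) variables. If 26.1 ignores them, drop both so the
            # admin password is not injected into the environment twice.
            - name: KEYCLOAK_USER
              value: "admin"
            - name: KEYCLOAK_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-admin-secret
                  key: password
            # Bootstrap admin, password taken from a Secret rather than inlined.
            # The bootstrap account is meant to be temporary: create a named
            # admin with MFA after first start and remove this one.
            - name: KC_BOOTSTRAP_ADMIN_USERNAME
              value: "admin"
            - name: KC_BOOTSTRAP_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-admin-secret
                  key: password
            - name: KC_HEALTH_ENABLED
              value: "true"
            # NOTE(review): KC_PROXY was deprecated in favour of
            # KC_PROXY_HEADERS; confirm 26.1 still honours it. Whichever is
            # used, forwarded headers are only trustworthy if the pod is
            # reachable solely through the proxy (e.g. via a NetworkPolicy).
            - name: KC_PROXY
              value: "edge"
          ports:
            - name: http
              containerPort: 8080
            # - name: https
            #   containerPort: 8443
          readinessProbe:
            httpGet:
              path: /health/ready
              port: 9000
            initialDelaySeconds: 15  # Delay before the probe starts
            periodSeconds: 15
            timeoutSeconds: 3
            successThreshold: 1  # Number of successful probes to consider the pod ready
            failureThreshold: 5
          volumeMounts:
            # - mountPath: /opt/keycloak/data/h2/
            #   name: storage
            # NOTE(review): this mounts the whole TLS secret (presumably
            # including the private key) over /etc/ssl/certs, which hides
            # whatever the image ships in that directory. If only a CA bundle
            # is needed, mount just that key at a dedicated path.
            - name: keycloak-tls-secret
              mountPath: /etc/ssl/certs
              readOnly: true
          securityContext:
            runAsUser: 1000
            runAsGroup: 1000
            # Least-privilege hardening: refuse to start as root, block setuid
            # escalation, drop all Linux capabilities (8080 and 9000 are
            # unprivileged ports) and apply the runtime's default seccomp
            # filter.
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
      volumes:
        # NOTE(review): `storage` is declared but its mount above is commented
        # out, and no KC_DB* settings are visible here, so realm and user data
        # may not survive a pod restart. Confirm where state is kept.
        - name: storage
          persistentVolumeClaim:
            claimName: keycloak-pvc
        - name: keycloak-tls-secret
          secret:
            secretName: keycloak-tls-secret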