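---
# Keycloak Identity Provider Kubernetes Deployment
#
# Documents, in order: Namespace, database-credentials Secret, Deployment,
# Service, admin-credentials Secret. All objects live in the "identity"
# namespace.
apiVersion: v1
kind: Namespace
metadata:
  name: identity
---
# Database credentials, read by the Deployment through secretKeyRef.
# The password is a placeholder committed in clear text. An Opaque Secret
# is only base64-encoded at rest unless the cluster enables encryption, and
# anyone who can read this file or Secrets in the namespace sees the value.
# Provision the real value out of band (external secret store, sealed
# secret) and make sure the placeholder never reaches a live cluster.
apiVersion: v1
kind: Secret
metadata:
  name: keycloak-db-secret
  namespace: identity
type: Opaque
stringData:
  username: keycloak
  password: 'change-me-in-production'
---
# Keycloak server: two replicas backed by an external PostgreSQL database.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: identity
spec:
  replicas: 2
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          # The tag can be re-pushed upstream; for a reproducible, reviewable
          # rollout pin by digest (quay.io/keycloak/keycloak@sha256:<digest>).
          image: quay.io/keycloak/keycloak:23.0
          args:
            - start
            # With strict hostname checking off and no --hostname set, public
            # URLs (token issuer, links in e-mails) are derived from request
            # headers. Set a fixed hostname for production.
            - --hostname-strict=false
            # Trusts X-Forwarded-* from whatever connects to the pod; only
            # safe when every request passes through a proxy that overwrites
            # those headers.
            # NOTE(review): --proxy-headers looks like an option from a later
            # release line than the 23.0 image (which documents --proxy);
            # confirm the image accepts it. Plain HTTP on 8080 in "start"
            # mode may also need to be enabled explicitly - verify.
            - --proxy-headers=xforwarded
            - --http-relative-path=/
            # Health endpoints are off by default; the probes below need them.
            - --health-enabled=true
          env:
            # Bootstrap admin account. "admin" is the first name a guessing
            # attempt tries; prefer a non-default name and rotate or remove
            # this account once a named administrator exists.
            - name: KEYCLOAK_ADMIN
              value: admin
            - name: KEYCLOAK_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-admin-secret
                  key: password
            - name: KC_DB
              value: postgres
            # No TLS parameters on the JDBC URL: database traffic, including
            # credentials, crosses the cluster network unencrypted unless the
            # server enforces TLS.
            - name: KC_DB_URL
              value: 'jdbc:postgresql://postgres:5432/keycloak'
            - name: KC_DB_USERNAME
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-secret
                  key: username
            - name: KC_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-secret
                  key: password
          ports:
            - containerPort: 8080
              name: http
          # Least privilege for the container: no root, no privilege
          # escalation, no Linux capabilities, default seccomp filter.
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          resources:
            requests:
              memory: "1Gi"
              cpu: "500m"
            limits:
              memory: "2Gi"
              cpu: "1000m"
          readinessProbe:
            httpGet:
              path: /health/ready
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /health/live
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10
---
# Exposes Keycloak on port 80.
# NOTE(review): type LoadBalancer publishes the plain-HTTP listener directly,
# so logins, tokens and the admin console travel in clear text, and the
# X-Forwarded-* headers the server trusts are client-controlled. Prefer
# ClusterIP behind a TLS-terminating ingress or proxy that overwrites those
# headers, or restrict the allowed source ranges.
apiVersion: v1
kind: Service
metadata:
  name: keycloak
  namespace: identity
spec:
  type: LoadBalancer
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
      name: http
  selector:
    app: keycloak
---
# Bootstrap admin password, read by the Deployment through secretKeyRef.
# Same caveat as the database Secret: the value is a clear-text placeholder
# and must be replaced from a secret store before any real deployment.
apiVersion: v1
kind: Secret
metadata:
  name: keycloak-admin-secret
  namespace: identity
type: Opaque
stringData:
  password: 'change-me-in-production'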