
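# Keycloak Identity Provider Kubernetes Deployment
#
# Namespace that holds the Keycloak workload, its Service and its Secrets.
---
apiVersion: v1
kind: Namespace
metadata:
  name: identity
  labels:
    # Pod Security Admission in non-blocking modes: report pods that would
    # fail the "restricted" profile without rejecting anything. Switch to
    # `enforce` once every workload in the namespace complies.
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted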
---
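# Database credentials consumed by the Keycloak Deployment through
# secretKeyRef (KC_DB_USERNAME / KC_DB_PASSWORD).
#
# SECURITY: the password below is a placeholder that lives in version
# control. Anyone with read access to the repository knows it, and an
# Opaque Secret is only base64-encoded in the API unless encryption at
# rest is configured for the cluster. Replace it before applying, and
# prefer creating this Secret out of band (secret manager, sealed or
# externally synced secret) so that no real value is ever committed.
apiVersion: v1
kind: Secret
metadata:
  name: keycloak-db-secret
  namespace: identity
type: Opaque
stringData:
  username: 'keycloak'
  password: 'change-me-in-production'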
---
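# Keycloak server Deployment: two replicas of the upstream image started
# with `start` and backed by a PostgreSQL database reached at `postgres:5432`.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: identity
spec:
  # NOTE(review): two replicas, but no cache/discovery settings are visible
  # in this manifest. Confirm the pods actually form a cluster; otherwise
  # login and session state is not shared between them.
  replicas: 2
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          # The tag is mutable: a re-pushed 23.0 changes what runs without any
          # change to this file. Pin by digest
          # (quay.io/keycloak/keycloak@sha256:<digest>) once it is verified.
          # NOTE(review): confirm the 23.0 line still receives security fixes.
          image: quay.io/keycloak/keycloak:23.0
          args:
            - start
            # With strict hostname checking off, Keycloak derives its public
            # URLs (issuer, redirects, e-mail links) from the incoming
            # request. Set a fixed --hostname for production instead.
            - --hostname-strict=false
            # Trusts X-Forwarded-* headers from the peer. Only safe when every
            # request passes through a proxy that overwrites those headers;
            # the Service in this file is type LoadBalancer with no such
            # proxy shown, so clients may be able to supply them directly.
            # NOTE(review): this option appears to have been introduced in
            # Keycloak 24 (23.x used --proxy); confirm the 23.0 image
            # accepts it and serves plain HTTP on 8080 in this mode.
            - --proxy-headers=xforwarded
            - --http-relative-path=/
            # The probes below call /health/ready and /health/live, which
            # Keycloak only serves when health checks are enabled.
            - --health-enabled=true
          env:
            # Bootstrap admin account. A well-known username combined with
            # the placeholder password in keycloak-admin-secret is the
            # weakest point of this manifest: change the password before
            # first start and replace this account with named admins.
            - name: KEYCLOAK_ADMIN
              value: 'admin'
            - name: KEYCLOAK_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-admin-secret
                  key: password
            - name: KC_DB
              value: 'postgres'
            # NOTE(review): no TLS parameters on the JDBC URL; confirm
            # whether database traffic needs to be encrypted in this cluster.
            - name: KC_DB_URL
              value: 'jdbc:postgresql://postgres:5432/keycloak'
            - name: KC_DB_USERNAME
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-secret
                  key: username
            - name: KC_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-secret
                  key: password
          ports:
            - containerPort: 8080
              name: http
          # Least privilege for the container: no root, no privilege
          # escalation, no Linux capabilities, default seccomp filter.
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          resources:
            requests:
              memory: '1Gi'
              cpu: '500m'
            limits:
              memory: '2Gi'
              cpu: '1000m'
          # Traffic is only routed to the pod once Keycloak reports ready.
          readinessProbe:
            httpGet:
              path: /health/ready
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10
          # The container is restarted if the liveness endpoint stops answering.
          livenessProbe:
            httpGet:
              path: /health/live
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10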
---
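# Service that exposes the Keycloak pods (selector app=keycloak) on port 80
# and forwards to the container's HTTP port 8080.
#
# SECURITY: type LoadBalancer publishes the identity provider, including
# its admin console, on plain HTTP. No TLS termination is visible in this
# manifest, so unless the load balancer is configured elsewhere to
# terminate TLS, credentials and tokens cross the network in cleartext.
# Prefer ClusterIP behind an ingress or load balancer that terminates TLS,
# overwrites the X-Forwarded-* headers and restricts access to the admin
# paths.
apiVersion: v1
kind: Service
metadata:
  name: keycloak
  namespace: identity
spec:
  type: LoadBalancer
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
      name: http
  selector:
    app: keycloak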
---
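# Password for the bootstrap Keycloak admin account, consumed by the
# Deployment as KEYCLOAK_ADMIN_PASSWORD.
#
# SECURITY: the value below is a placeholder committed to version control,
# and it guards full administrative control of the identity provider.
# Replace it before the first start, create the Secret out of band (secret
# manager, sealed or externally synced secret) rather than from this file,
# and rotate it if this manifest was ever applied unchanged.
apiVersion: v1
kind: Secret
metadata:
  name: keycloak-admin-secret
  namespace: identity
type: Opaque
stringData:
  password: 'change-me-in-production'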