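---
# Source: keycloak/templates/serviceaccount.yaml
# Identity the Keycloak pods run as. No Role or RoleBinding for it is rendered
# anywhere in this manifest, so the API token Kubernetes would mount into the
# pod grants nothing — it is only a credential to steal if the container is
# ever compromised.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: keycloak-sso
  labels:
    helm.sh/chart: keycloak-14.0.1
    app.kubernetes.io/name: keycloak
    app.kubernetes.io/instance: keycloak-sso
    app.kubernetes.io/version: "14.0.0"
    app.kubernetes.io/managed-by: Helm
# Least privilege: do not project an API token into the pods. The rendered
# Keycloak StatefulSet sets no JGROUPS_DISCOVERY_* variables, so nothing in it
# talks to the API server. If KUBE_PING discovery is enabled later it needs a
# token plus a Role that can list pods — set this back to true at that point.
automountServiceAccountToken: false
imagePullSecrets: []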
---
# Source: keycloak/charts/postgresql/templates/secrets.yaml
# Database credentials consumed by the PostgreSQL StatefulSet
# (POSTGRES_POSTGRES_PASSWORD / POSTGRES_PASSWORD) and by the Keycloak
# StatefulSet (DB_PASSWORD) further down in this file.
#
# SECURITY: base64 is an encoding, not encryption. Decoded, the values are
#   postgresql-postgres-password -> "zAME4BHnJB"  (PostgreSQL superuser)
#   postgresql-password          -> "keycloak"    (the application user)
# i.e. the password guarding the realm store is identical to the username
# (this looks like the subchart's documented default — confirm), and both
# values have been published in a public gist. Treat them as burned: rotate,
# generate the application password randomly (as the superuser one evidently
# was), and keep Secrets out of rendered manifests in VCS — supply them at
# install time or through an external secret provisioner instead.
#
# NOTE(review): this subchart hard-codes namespace: default, while the
# Keycloak resources in this file carry no namespace. Installing into any
# other namespace splits the release and the secretKeyRef in the Keycloak pod
# would not find this Secret. Confirm the target namespace before applying.
apiVersion: v1
kind: Secret
metadata:
  name: keycloak-sso-postgresql
  labels:
    app.kubernetes.io/name: postgresql
    helm.sh/chart: postgresql-10.3.13
    app.kubernetes.io/instance: keycloak-sso
    app.kubernetes.io/managed-by: Helm
  namespace: default
type: Opaque
data:
  postgresql-postgres-password: "ekFNRTRCSG5KQg=="
  postgresql-password: "a2V5Y2xvYWs="
---
# Source: keycloak/templates/configmap-startup.yaml
# jboss-cli batch that the Keycloak StatefulSet mounts read-only (mode 0555)
# as /opt/jboss/startup-scripts/keycloak.cli.
# NOTE(review): the jboss/keycloak image is documented to execute every .cli
# file in that directory at boot, which makes this ConfigMap an execution
# vector: anyone who can write it can reconfigure or subvert the server on the
# next restart. Scope ConfigMap write RBAC in the namespace accordingly.
apiVersion: v1
kind: ConfigMap
metadata:
  name: keycloak-sso-startup
  labels:
    helm.sh/chart: keycloak-14.0.1
    app.kubernetes.io/name: keycloak
    app.kubernetes.io/instance: keycloak-sso
    app.kubernetes.io/version: "14.0.0"
    app.kubernetes.io/managed-by: Helm
data:
  # Runs against an embedded (offline) server, edits standalone-ha.xml and
  # stops; the real server then starts with the patched configuration.
  keycloak.cli: |
    embed-server --server-config=standalone-ha.xml --std-out=echo
    batch
    echo Configuring node identifier
    ## Sets the node identifier to the node name (= pod name). Node identifiers have to be unique. They can have a
    ## maximum length of 23 characters. Thus, the chart's fullname template truncates its length accordingly.
    /subsystem=transactions:write-attribute(name=node-identifier, value=${jboss.node.name})
    echo Finished configuring node identifier
    run-batch
    stop-embedded-server
---
# Source: keycloak/charts/postgresql/templates/svc-headless.yaml
# Headless Service backing the PostgreSQL StatefulSet (its serviceName); gives
# each pod a stable DNS name. Nothing else in this manifest addresses it —
# Keycloak connects via the ClusterIP Service below.
apiVersion: v1
kind: Service
metadata:
  name: keycloak-sso-postgresql-headless
  labels:
    app.kubernetes.io/name: postgresql
    helm.sh/chart: postgresql-10.3.13
    app.kubernetes.io/instance: keycloak-sso
    app.kubernetes.io/managed-by: Helm
    # Use this annotation in addition to the actual publishNotReadyAddresses
    # field below because the annotation will stop being respected soon but the
    # field is broken in some versions of Kubernetes:
    # https://github.com/kubernetes/kubernetes/issues/58662
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
  namespace: default
spec:
  type: ClusterIP
  clusterIP: None
  # We want all pods in the StatefulSet to have their addresses published for
  # the sake of the other Postgresql pods even before they're ready, since they
  # have to be able to talk to each other in order to become ready.
  # Consequence: a pod that is up but not yet initialised is already resolvable
  # here, so clients must not rely on this name for readiness.
  publishNotReadyAddresses: true
  ports:
    - name: tcp-postgresql
      port: 5432
      targetPort: tcp-postgresql
  selector:
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/instance: keycloak-sso
---
# Source: keycloak/charts/postgresql/templates/svc.yaml
# ClusterIP endpoint the Keycloak pod dials (DB_ADDR=keycloak-sso-postgresql).
# SECURITY: no NetworkPolicy is rendered in this manifest, so any pod in the
# cluster can reach 5432 here, and the StatefulSet runs with
# POSTGRESQL_ENABLE_TLS=no — the "keycloak"/"keycloak" credentials and the
# realm data cross the pod network in cleartext. Add an ingress policy that
# admits only the Keycloak pods, and enable TLS if the CNI does not encrypt.
apiVersion: v1
kind: Service
metadata:
  name: keycloak-sso-postgresql
  labels:
    app.kubernetes.io/name: postgresql
    helm.sh/chart: postgresql-10.3.13
    app.kubernetes.io/instance: keycloak-sso
    app.kubernetes.io/managed-by: Helm
  annotations:
  namespace: default
spec:
  type: ClusterIP
  ports:
    - name: tcp-postgresql
      port: 5432
      targetPort: tcp-postgresql
  # role: primary keeps any future read replicas out of the writer endpoint.
  selector:
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/instance: keycloak-sso
    role: primary
---
# Source: keycloak/templates/service-headless.yaml
# Headless Service named as the Keycloak StatefulSet's serviceName; provides
# per-pod DNS records. Only the plaintext http port is published here.
apiVersion: v1
kind: Service
metadata:
  name: keycloak-sso-headless
  labels:
    helm.sh/chart: keycloak-14.0.1
    app.kubernetes.io/name: keycloak
    app.kubernetes.io/instance: keycloak-sso
    app.kubernetes.io/version: "14.0.0"
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: headless
spec:
  type: ClusterIP
  clusterIP: None
  ports:
    - name: http
      port: 80
      targetPort: http
      protocol: TCP
  selector:
    app.kubernetes.io/name: keycloak
    app.kubernetes.io/instance: keycloak-sso
---
# Source: keycloak/templates/service-http.yaml
# In-cluster entry point for Keycloak. Port 80 maps to the container's
# plaintext 8080; put an ingress or mesh that terminates TLS in front of it,
# or use the https port, before letting real credentials flow through it.
apiVersion: v1
kind: Service
metadata:
  name: keycloak-sso-http
  labels:
    helm.sh/chart: keycloak-14.0.1
    app.kubernetes.io/name: keycloak
    app.kubernetes.io/instance: keycloak-sso
    app.kubernetes.io/version: "14.0.0"
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: http
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 80
      targetPort: http
      protocol: TCP
    - name: https
      port: 8443
      targetPort: https
      protocol: TCP
    # SECURITY: 9990 is the WildFly management interface (admin CLI / console).
    # Publishing it on the Service makes it reachable from every pod that can
    # reach this Service, and no NetworkPolicy is rendered to narrow that.
    # NOTE(review): WildFly gates it behind its own management users, none of
    # which this manifest creates — and whether the image even binds it beyond
    # localhost depends on jboss.bind.address.management; confirm. Unless
    # something needs it (e.g. a metrics scraper), drop this entry.
    - name: http-management
      port: 9990
      targetPort: http-management
      protocol: TCP
  selector:
    app.kubernetes.io/name: keycloak
    app.kubernetes.io/instance: keycloak-sso
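---
# Source: keycloak/charts/postgresql/templates/statefulset.yaml
# Single-replica PostgreSQL (Bitnami image) that stores every Keycloak realm,
# user and session.
#
# Review changes relative to the chart output:
#   * the container drops all Linux capabilities and forbids privilege
#     escalation: the image runs as uid 1001 and listens on 5432 (>1024), so it
#     needs neither. Later Bitnami charts ship exactly this by default.
#   * runAsNonRoot: true makes the kubelet refuse to start the container if the
#     image were ever rebuilt to run as root.
# Left as rendered, but each deserves a deliberate decision:
#   * POSTGRESQL_ENABLE_TLS=no: Keycloak's credentials and realm data travel
#     the pod network in cleartext.
#   * connection/disconnection logging is off and no pgaudit log classes are
#     configured here (only the library is preloaded), so there is no audit
#     trail of who connected to the realm database.
#   * resources has requests only — no limits.
#   * replicas: 1 — every restart or node drain is a Keycloak outage.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: keycloak-sso-postgresql
  labels:
    app.kubernetes.io/name: postgresql
    helm.sh/chart: postgresql-10.3.13
    app.kubernetes.io/instance: keycloak-sso
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: primary
  namespace: default
spec:
  serviceName: keycloak-sso-postgresql-headless
  replicas: 1
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app.kubernetes.io/name: postgresql
      app.kubernetes.io/instance: keycloak-sso
      role: primary
  template:
    metadata:
      name: keycloak-sso-postgresql
      labels:
        app.kubernetes.io/name: postgresql
        helm.sh/chart: postgresql-10.3.13
        app.kubernetes.io/instance: keycloak-sso
        app.kubernetes.io/managed-by: Helm
        role: primary
        app.kubernetes.io/component: primary
    spec:
      affinity:
        # Soft preference only; with one replica it never triggers, but it
        # keeps replicas on separate nodes if the count is ever raised.
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: postgresql
                    app.kubernetes.io/instance: keycloak-sso
                    app.kubernetes.io/component: primary
                namespaces:
                  - "default"
                topologyKey: kubernetes.io/hostname
              weight: 1
      securityContext:
        # The PVC is group-owned by 1001 so the non-root server can write it.
        fsGroup: 1001
      containers:
        - name: keycloak-sso-postgresql
          image: docker.io/bitnami/postgresql:11.11.0-debian-10-r31
          imagePullPolicy: "IfNotPresent"
          resources:
            requests:
              cpu: 250m
              memory: 256Mi
          securityContext:
            runAsUser: 1001
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          env:
            - name: BITNAMI_DEBUG
              value: "false"
            - name: POSTGRESQL_PORT_NUMBER
              value: "5432"
            - name: POSTGRESQL_VOLUME_DIR
              value: "/bitnami/postgresql"
            - name: PGDATA
              value: "/bitnami/postgresql/data"
            # Superuser password; never used by Keycloak, only by the image's
            # own bootstrap. Still lives in the same Secret as the app password.
            - name: POSTGRES_POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-sso-postgresql
                  key: postgresql-postgres-password
            - name: POSTGRES_USER
              value: "keycloak"
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-sso-postgresql
                  key: postgresql-password
            - name: POSTGRES_DB
              value: "keycloak"
            - name: POSTGRESQL_ENABLE_LDAP
              value: "no"
            # Cleartext wire protocol — see the ClusterIP Service above.
            - name: POSTGRESQL_ENABLE_TLS
              value: "no"
            - name: POSTGRESQL_LOG_HOSTNAME
              value: "false"
            - name: POSTGRESQL_LOG_CONNECTIONS
              value: "false"
            - name: POSTGRESQL_LOG_DISCONNECTIONS
              value: "false"
            - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
              value: "off"
            - name: POSTGRESQL_CLIENT_MIN_MESSAGES
              value: "error"
            - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
              value: "pgaudit"
          ports:
            - name: tcp-postgresql
              containerPort: 5432
          # Both probes only ask the server whether it accepts connections on
          # loopback; they do not authenticate.
          livenessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - exec pg_isready -U "keycloak" -d "dbname=keycloak" -h 127.0.0.1 -p 5432
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 6
          readinessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - -e
                - |
                  exec pg_isready -U "keycloak" -d "dbname=keycloak" -h 127.0.0.1 -p 5432
                  [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 6
          volumeMounts:
            # tmpfs for PostgreSQL shared memory; capped so it cannot exhaust
            # node RAM.
            - name: dshm
              mountPath: /dev/shm
            - name: data
              mountPath: /bitnami/postgresql
      volumes:
        - name: dshm
          emptyDir:
            medium: Memory
            sizeLimit: 1Gi
  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        accessModes:
          - "ReadWriteOnce"
        resources:
          requests:
            storage: "8Gi"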
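---
# Source: keycloak/templates/statefulset.yaml
# Keycloak 14 (WildFly distribution), single replica, using the PostgreSQL
# StatefulSet above through the keycloak-sso-postgresql Service.
#
# Review changes relative to the chart output:
#   * automountServiceAccountToken: false — no JGROUPS_DISCOVERY_* variables
#     are set, so nothing in this pod needs the Kubernetes API (re-enable it,
#     with a Role that can list pods, if KUBE_PING discovery is turned on).
#   * the keycloak container now forbids privilege escalation and drops all
#     capabilities; it runs as uid 1000 on ports above 1024 and needs none.
#   * zone spreading now uses topology.kubernetes.io/zone. The rendered
#     failure-domain.beta.kubernetes.io/zone label is deprecated and absent on
#     newer nodes, which silently turned the preference into a no-op.
# Left as rendered, but each deserves a deliberate decision:
#   * docker.io/jboss/keycloak:14.0.0 is a 2021 build of the WildFly-based
#     distribution, which upstream has since discontinued — NOTE(review):
#     confirm it still receives security fixes before exposing it.
#   * no PROXY_ADDRESS_FORWARDING / frontend URL is set; the image is
#     documented to need PROXY_ADDRESS_FORWARDING=true to honour
#     X-Forwarded-* behind a TLS-terminating ingress — verify the setup.
#   * resources is empty: no requests or limits at all.
#   * the https port is published but no certificate is provisioned here;
#     whatever the image serves on 8443 by default is not a trusted cert.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: keycloak-sso
  labels:
    helm.sh/chart: keycloak-14.0.1
    app.kubernetes.io/name: keycloak
    app.kubernetes.io/instance: keycloak-sso
    app.kubernetes.io/version: "14.0.0"
    app.kubernetes.io/managed-by: Helm
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: keycloak
      app.kubernetes.io/instance: keycloak-sso
  replicas: 1
  serviceName: keycloak-sso-headless
  podManagementPolicy: Parallel
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      annotations:
        # Hashes of the startup ConfigMap and chart-managed secrets; a change
        # in either rolls the pods.
        checksum/config-startup: 560e30a4fb4f087d446b0bb496e9ea8551e08ce18bc35d36ccecd56e33587d03
        checksum/secrets: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
      labels:
        app.kubernetes.io/name: keycloak
        app.kubernetes.io/instance: keycloak-sso
    spec:
      serviceAccountName: keycloak-sso
      # No API access is needed; see the ServiceAccount comment.
      automountServiceAccountToken: false
      initContainers:
        # Holds start-up until the database port answers. TCP-only: it proves
        # reachability, not that the credentials work.
        - name: pgchecker
          image: "docker.io/busybox:1.32"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
            runAsGroup: 1000
            runAsNonRoot: true
            runAsUser: 1000
          command:
            - sh
            - -c
            - |
              echo 'Waiting for PostgreSQL to become ready...'
              until printf "." && nc -z -w 2 keycloak-sso-postgresql 5432; do
                sleep 2;
              done;
              echo 'PostgreSQL OK ✓'
          resources:
            limits:
              cpu: 20m
              memory: 32Mi
            requests:
              cpu: 20m
              memory: 32Mi
      containers:
        - name: keycloak
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          image: "docker.io/jboss/keycloak:14.0.0"
          imagePullPolicy: IfNotPresent
          command: []
          args: []
          env:
            - name: DB_VENDOR
              value: postgres
            - name: DB_ADDR
              value: keycloak-sso-postgresql
            - name: DB_PORT
              value: "5432"
            - name: DB_DATABASE
              value: "keycloak"
            - name: DB_USER
              value: "keycloak"
            # Same key the PostgreSQL pod bootstraps its application user from.
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-sso-postgresql
                  key: postgresql-password
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
            - name: https
              containerPort: 8443
              protocol: TCP
            # WildFly management interface; see the http Service for why
            # publishing it is questionable.
            - name: http-management
              containerPort: 9990
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /auth/
              port: http
            initialDelaySeconds: 0
            timeoutSeconds: 5
          # 1 s is tight for a realm lookup on a busy JVM; flapping readiness
          # here takes the only replica out of the Service.
          readinessProbe:
            httpGet:
              path: /auth/realms/master
              port: http
            initialDelaySeconds: 30
            timeoutSeconds: 1
          startupProbe:
            httpGet:
              path: /auth/
              port: http
            initialDelaySeconds: 30
            timeoutSeconds: 1
            failureThreshold: 60
            periodSeconds: 5
          resources: {}
          volumeMounts:
            # jboss-cli batch from the keycloak-sso-startup ConfigMap; read-only
            # so a compromised process cannot persist itself through it.
            - name: startup
              mountPath: "/opt/jboss/startup-scripts/keycloak.cli"
              subPath: "keycloak.cli"
              readOnly: true
      securityContext:
        fsGroup: 1000
      enableServiceLinks: true
      restartPolicy: Always
      affinity:
        podAntiAffinity:
          # Hard rule: never two Keycloak pods of this release on one node
          # (test pods excluded).
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app.kubernetes.io/name: keycloak
                  app.kubernetes.io/instance: keycloak-sso
                matchExpressions:
                  - key: app.kubernetes.io/component
                    operator: NotIn
                    values:
                      - test
              topologyKey: kubernetes.io/hostname
          # Soft rule: spread across zones when the nodes carry the GA label.
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: keycloak
                    app.kubernetes.io/instance: keycloak-sso
                  matchExpressions:
                    - key: app.kubernetes.io/component
                      operator: NotIn
                      values:
                        - test
                topologyKey: topology.kubernetes.io/zone
      terminationGracePeriodSeconds: 60
      volumes:
        - name: startup
          configMap:
            name: keycloak-sso-startup
            # Leading-zero literal: kubectl's YAML 1.1 parser reads it as
            # octal 0555 (r-x for all). A YAML 1.2 tool would read decimal 555.
            defaultMode: 0555
            items:
              - key: keycloak.cli
                path: keycloak.cli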