ps.keycloak.1.0.5.source-code.deploymentConfig.yml Maven / Gradle / Ivy
metadata:
annotations:
configmap.fabric8.io/update-on-change: "keycloak"
fabric8.io/target-platform: "openshift"
spec:
replicas: 1
strategy:
type: Recreate
recreateParams:
timeoutSeconds: 7200
template:
metadata:
annotations:
pod.beta.kubernetes.io/init-containers: |-
[{
"name": "git-cloner",
"image": "fabric8/builder-clients:0.11",
"imagePullPolicy": "IfNotPresent",
"command": [ "/bin/bash" ],
"args": [
"-c",
"rm -rf /keycloak-theme/login && git clone https://github.com/fabric8io/fabric8-keycloak-theme.git /keycloak-theme/login && cd /keycloak-theme/login && git checkout 61b08f0a2f4be2395bb0bbb6d16a8538f4f2b836"
],
"volumeMounts": [{
"name": "keycloak-theme",
"mountPath": "/keycloak-theme"
}]
},
{
"name": "openshift-ca-pemtokeystore",
"image": "jimmidyson/pemtokeystore:v0.2.0",
"imagePullPolicy": "IfNotPresent",
"args": [
"-keystore", "/tls-keystore/openshift-truststore.jks",
"-ca-file", "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt",
"-ca-file", "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt",
"-ca-dir", "/usr/share/ca-certificates/mozilla"
],
"volumeMounts": [{
"name": "keycloak-tls",
"mountPath": "/tls-keystore"
}]
},
{
"name": "envvar-substitution",
"image": "fabric8/envsubst-file:1.0.0",
"imagePullPolicy": "IfNotPresent",
"args": [
"fabric8-realm.json"
],
"env": [{
"name": "AUTH_URL",
"valueFrom": {
"configMapKeyRef": {
"name": "keycloak",
"key": "auth.api.url"
}
}
},
{
"name": "WIT_URL",
"valueFrom": {
"configMapKeyRef": {
"name": "keycloak",
"key": "wit.api.url"
}
}
},
{
"name": "KEYCLOAK_URL",
"valueFrom": {
"configMapKeyRef": {
"name": "keycloak",
"key": "keycloak.url"
}
}
},
{
"name": "FABRIC8_URL",
"valueFrom": {
"configMapKeyRef": {
"name": "keycloak",
"key": "fabric8.url"
}
}
},
{
"name": "KEYCLOAK_PRIVATEKEY",
"valueFrom": {
"secretKeyRef": {
"name": "keycloak",
"key": "kc.private.key"
}
}
},
{
"name": "KEYCLOAK_PUBLICKEY",
"valueFrom": {
"secretKeyRef": {
"name": "keycloak",
"key": "kc.public.key"
}
}
},
{
"name": "KEYCLOAK_CLIENTID_SECRET",
"valueFrom": {
"secretKeyRef": {
"name": "keycloak",
"key": "kc.clientid.secret"
}
}
},
{
"name": "K8S_API_SERVER",
"valueFrom": {
"configMapKeyRef": {
"name": "keycloak",
"key": "apiserver.url"
}
}
},
{
"name": "HIDE_OPENSHIFT_BTN",
"value": "false"
},
{
"name": "HIDE_GITHUB_BTN",
"value": "true"
}],
"volumeMounts": [
{
"name": "keycloak-config",
"mountPath": "/workdir/fabric8-realm.json",
"subPath": "config/fabric8-realm.json"
},
{
"name": "keycloak-subst-config",
"mountPath": "/processed"
}
]
},
{
"name": "init-dependencyservice",
"image": "fabric8/fabric8-dependency-wait-service:${dependency-wait-service.version}",
"imagePullPolicy": "IfNotPresent",
"command": ["sh", "-c", "fabric8-dependency-wait-service-linux-amd64 postgres://keycloak@keycloak-db:5432"],
"env": [{
"name": "DEPENDENCY_POLL_INTERVAL",
"value": "1"
}, {
"name": "DEPENDENCY_LOG_VERBOSE",
"value": "true"
}]
}]
spec:
containers:
- image: fabric8/keycloak-postgres:${keycloak.version}
args:
- -b $(INTERNAL_POD_IP)
- -Djgroups.bind_addr=global
- -Djboss.node.name=$(INTERNAL_POD_IP)
- -Djavax.net.ssl.trustStore=/opt/jboss/keycloak/standalone/configuration/tls/openshift-truststore.jks
- -Dkeycloak.migration.action=import
- -Dkeycloak.migration.provider=singleFile
- -Dkeycloak.migration.file=/opt/jboss/keycloak/standalone/configuration/import/fabric8-realm.json
- -Dkeycloak.migration.strategy=IGNORE_EXISTING
env:
- name: POSTGRES_HOSTNAME
value: keycloak-db
- name: POSTGRES_USER
value: keycloak
- name: POSTGRES_PASSWORD
value: keycloak
- name: OPERATING_MODE
value: standalone
- name: POSTGRES_PORT_5432_TCP_ADDR
value: keycloak-db
- name: INTERNAL_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: KEYCLOAK_USER
valueFrom:
secretKeyRef:
name: keycloak
key: kc.user
- name: KEYCLOAK_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak
key: kc.password
- name: KEYCLOAK_CLIENTID_SECRET
valueFrom:
secretKeyRef:
name: keycloak
key: kc.clientid.secret
- name: KEYCLOAK_PRIVATEKEY
valueFrom:
secretKeyRef:
name: keycloak
key: kc.private.key
- name: KEYCLOAK_PUBLICKEY
valueFrom:
secretKeyRef:
name: keycloak
key: kc.public.key
- name: HIDE_OPENSHIFT_BTN
value: "false"
- name: HIDE_GITHUB_BTN
value: "true"
readinessProbe:
httpGet:
path: "/auth"
port: 8080
initialDelaySeconds: 10
timeoutSeconds: 10
livenessProbe:
httpGet:
path: "/auth"
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 10
volumeMounts:
- name: keycloak-tls
mountPath: /opt/jboss/keycloak/standalone/configuration/tls
- name: keycloak-subst-config
mountPath: /opt/jboss/keycloak/standalone/configuration/import
- name: keycloak-theme
mountPath: /opt/jboss/keycloak/themes/fabric8
volumes:
- name: keycloak-tls
emptyDir: {}
- name: keycloak-subst-config
emptyDir: {}
- name: keycloak-config
configMap:
name: keycloak
items:
- key: fabric8-realm.json
path: config/fabric8-realm.json
- name: keycloak-theme
emptyDir: {}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy