kuzznya

keycloak.yaml

Feb 28th, 2023
  1. apiVersion: networking.k8s.io/v1
  2. kind: Ingress
  3. metadata:
  4.   name: keycloak-ingress
  5.   namespace: auth
  6.   annotations:
  7.     ingressClassName: "traefik"
  8.     kubernetes.io/ingress.class: "traefik"
  9.     cert-manager.io/cluster-issuer: letsencrypt-prod
  10. spec:
  11.   tls:
  12.     - secretName: auth-tls
  13.       hosts:
  14.        - auth.kuzznya.com
  15.   rules:
  16.     - host: auth.kuzznya.com
  17.       http:
  18.         paths:
  19.           - path: /
  20.             pathType: Prefix
  21.             backend:
  22.               service:
  23.                 name: keycloak
  24.                 port:
  25.                   number: 8080
  26.  
  27. ---
  28.  
  29. # copy of keycloak-ingress with 'web' entrypoint and 'default-redirect' middleware to redirect http to https
  30. apiVersion: networking.k8s.io/v1
  31. kind: Ingress
  32. metadata:
  33.   name: keycloak-ingress-redirect
  34.   namespace: auth
  35.   annotations:
  36.     traefik.ingress.kubernetes.io/router.middlewares: default-redirect@kubernetescrd
  37.     traefik.ingress.kubernetes.io/router.entrypoints: web
  38. spec:
  39.   tls:
  40.     - secretName: auth-tls
  41.       hosts:
  42.        - auth.kuzznya.com
  43.   rules:
  44.     - host: auth.kuzznya.com
  45.       http:
  46.         paths:
  47.           - path: /
  48.             pathType: Prefix
  49.             backend:
  50.               service:
  51.                 name: keycloak
  52.                 port:
  53.                   number: 8080
  54.  
  55. ---
  56.  
  57. apiVersion: v1
  58. kind: Service
  59. metadata:
  60.   name: keycloak
  61.   namespace: auth
  62.   labels:
  63.     app: keycloak
  64. spec:
  65.   ports:
  66.     - port: 8080
  67.       targetPort: 8080
  68.       name: http8080
  69.   selector:
  70.     app: keycloak
  71.  
  72. ---
  73.  
  74. apiVersion: apps/v1
  75. kind: Deployment
  76. metadata:
  77.   name: keycloak
  78.   namespace: auth
  79.   labels:
  80.     app: keycloak
  81. spec:
  82.   replicas: 1
  83.   selector:
  84.     matchLabels:
  85.       app: keycloak
  86.   template:
  87.     metadata:
  88.       labels:
  89.         app: keycloak
  90.     spec:
  91.       containers:
  92.         - name: keycloak
  93.           image: quay.io/keycloak/keycloak:19.0.1
  94.           command: ["/opt/keycloak/bin/kc.sh", "start", "--import-realm", "--hostname-strict-https=false"]
  95.           env:
  96.             - name: KC_HOSTNAME
  97.               value: auth.kuzznya.com
  98.             - name: KC_HOSTNAME_STRICT
  99.               value: "false"
  100.             - name: KC_PROXY
  101.               value: "edge"
  102.             - name: PROXY_ADDRESS_FORWARDING
  103.               value: "true"
  104.             - name: KEYCLOAK_ADMIN
  105.               value: admin
  106.             - name: KEYCLOAK_ADMIN_PASSWORD
  107.               valueFrom:
  108.                 secretKeyRef:
  109.                   name: keycloak-secrets
  110.                   key: KEYCLOAK_PASSWORD
  111.             - name: KC_DB
  112.               value: postgres
  113.             - name: KC_DB_URL
  114.               value: jdbc:postgresql://keycloak-db:5432/postgres
  115.             - name: KC_DB_USERNAME
  116.               value: postgres
  117.             - name: KC_DB_PASSWORD
  118.               valueFrom:
  119.                 secretKeyRef:
  120.                   name: keycloak-secrets
  121.                   key: KEYCLOAK_DB_PASSWORD
  122.           ports:
  123.             - containerPort: 8080
  124.               name: http8080
  125.           volumeMounts:
  126.             - name: realm-volume
  127.               mountPath: /opt/keycloak/data/import
  128.       volumes:
  129.         - name: realm-volume
  130.           configMap:
  131.             name: keycloak-realms
  132.  
  133. ---
  134.  
  135. apiVersion: v1
  136. kind: Service
  137. metadata:
  138.   name: keycloak-db
  139.   namespace: auth
  140.   labels:
  141.     app: postgres
  142. spec:
  143.   ports:
  144.     - port: 5432
  145.       name: pgport
  146.   selector:
  147.     app: postgres
  148.  
  149. ---
  150.  
  151. apiVersion: apps/v1
  152. kind: StatefulSet
  153. metadata:
  154.   name: keycloak-db
  155.   namespace: auth
  156. spec:
  157.   selector:
  158.     matchLabels:
  159.       app: postgres
  160.   serviceName: keycloak-db
  161.   replicas: 1
  162.   template:
  163.     metadata:
  164.       labels:
  165.         app: postgres
  166.     spec:
  167.       terminationGracePeriodSeconds: 30
  168.       containers:
  169.         - name: postgres
  170.           image: postgres:13
  171.           env:
  172.             - name: POSTGRES_DB
  173.               value: postgres
  174.             - name: POSTGRES_USER
  175.               value: postgres
  176.             - name: POSTGRES_PASSWORD
  177.               valueFrom:
  178.                 secretKeyRef:
  179.                   name: keycloak-secrets
  180.                   key: KEYCLOAK_DB_PASSWORD
  181.           ports:
  182.             - containerPort: 5432
  183.               name: pgport
  184.           volumeMounts:
  185.             - name: keycloak-db-data
  186.               mountPath: /var/lib/postgresql
  187.   volumeClaimTemplates:
  188.     - metadata:
  189.         name: keycloak-db-data
  190.       spec:
  191.         accessModes: [ "ReadWriteOnce" ]
  192.         resources:
  193.           requests:
  194.             storage: 1Gi