2 # ============LICENSE_START=======================================================
3 # Copyright (C) 2022-2023 Nordix Foundation.
4 # ================================================================================
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
17 # SPDX-License-Identifier: Apache-2.0
18 # ============LICENSE_END=========================================================
# DNS name used as an external alias for Keycloak. The resource this field
# belongs to is not part of this listing (presumably a Service of type
# ExternalName; confirm).
34 externalName: keycloak.local
# Settings of the container that waits for the database (presumably an init
# container; its name and image lines are not shown).
68 imagePullPolicy: IfNotPresent
# Probes postgres:5432 with nc every 2 seconds and exits once the port accepts
# a connection. The loop has no upper bound, so the pod does not progress past
# this container while the database is unreachable.
69 command: ['sh', '-c', 'until nc -vz postgres 5432; do echo waiting for postgres db; sleep 2; done;']
# The pod runs under the "keycloak" service account.
# NOTE(review): its role bindings are not shown; confirm it holds only the
# permissions Keycloak needs.
70 serviceAccountName: keycloak
# NOTE(review): ":latest" is a mutable tag, and with IfNotPresent each node
# keeps whichever build it pulled first, so replicas can run different Keycloak
# builds and an upgrade is never explicit. Pin a release tag or a digest
# (quay.io/keycloak/keycloak@sha256:<digest>).
73 image: quay.io/keycloak/keycloak:latest
74 imagePullPolicy: IfNotPresent
# Server arguments (excerpt): HTTPS keystore and truststore, both PKCS12 files
# under /etc/x509/https.
77 '--https-key-store-file=/etc/x509/https/server.keystore',
# NOTE(review): "changeit" is the stock Java keystore password. As a literal
# argument it is stored in the manifest and is visible in the pod spec and the
# process argument list. Supply it from a Secret instead, e.g. the
# KC_HTTPS_KEY_STORE_PASSWORD environment variable with a secretKeyRef.
78 '--https-key-store-password=changeit',
79 '--https-key-store-type=PKCS12',
80 '--https-trust-store-file=/etc/x509/https/server.truststore',
# NOTE(review): same literal default password for the truststore; source it
# from a Secret as well.
81 '--https-trust-store-password=changeit',
82 '--https-trust-store-type=PKCS12',
# "request" asks clients for a certificate but still accepts connections that
# present none. Use "required" if mutual TLS must be enforced on every
# connection.
83 '--https-client-auth=request',
# Environment for the Keycloak container (excerpt; several name/value lines
# are not part of this listing).
# Path of the root CA certificate inside the /etc/x509/https directory.
88 - name : X509_CA_BUNDLE
89 value: /etc/x509/https/rootCA.crt
# Bootstrap administrator account.
# NOTE(review): the values are not shown here. If they are literals in the
# manifest, move them to a Secret (valueFrom.secretKeyRef) and rotate any
# value that was committed.
90 - name : KEYCLOAK_ADMIN
92 - name : KEYCLOAK_ADMIN_PASSWORD
# JDBC URL of the "keycloak" database on host postgres, port 5432 (the
# variable name line is not shown).
# NOTE(review): the URL carries no TLS parameters; confirm how the database
# connection is protected in transit.
97 value: "jdbc:postgresql://postgres:5432/keycloak"
# Database credentials; values not shown. Same recommendation as for the
# admin account: reference a Secret rather than a literal.
98 - name : KC_DB_USERNAME
100 - name : KC_DB_PASSWORD
# Location of the JavaScript authorization-policy provider JAR.
# NOTE(review): this path follows the legacy WildFly image layout
# (/opt/jboss/...), while the server arguments are Quarkus-style; the
# Quarkus-based image loads providers from /opt/keycloak/providers. Confirm
# the JAR is actually picked up.
104 - name : MY_PROVIDER_JAR_URL
105 value: /opt/jboss/keycloak/standalone/deployments/authz-js-policies.jar
# Toggles for the health and metrics endpoints (values not shown). If enabled,
# keep /health and /metrics off externally routed paths.
106 - name: KC_HEALTH_ENABLED
108 - name: KC_METRICS_ENABLED
# Mounts (excerpt): the certificate directory that holds the keystore,
# truststore and root CA, and the policy JAR mounted as a single file.
121 - name: keycloak-certs
122 mountPath: /etc/x509/https
123 - name: authz-js-policies
124 mountPath: /opt/jboss/keycloak/standalone/deployments/authz-js-policies.jar
# Sources for the two volumes named above.
# NOTE(review): the volume-type lines are not shown; the absolute /var/...
# paths suggest hostPath. If so, the TLS private key and an executable
# provider JAR live on the node filesystem, where anything able to write to
# these node paths can replace them, and the pod only works on nodes that have
# the files. hostPath is also rejected by the Baseline Pod Security Standard.
# Prefer a Secret for the certificates and an image layer or init container
# for the JAR, and mount both read-only.
126 - name: keycloak-certs
128 path: /var/keycloak/certs
130 - name: authz-js-policies
132 path: /var/keycloak/deployments/authz-js-policies.jar
# Istio networking resources (excerpt; kinds and most fields are not shown).
# NOTE(review): v1alpha3 and v1beta1 are mixed across these objects; use one
# API version that the installed Istio release serves.
135 apiVersion: networking.istio.io/v1alpha3
141 istio: ingressgateway # use istio default ingress gateway
158 apiVersion: networking.istio.io/v1alpha3
161 name: keycloak-tls-vs
# Destination host is hard-coded to the "default" namespace and must change if
# Keycloak is deployed elsewhere.
# NOTE(review): the TLS mode used towards this host is not shown; confirm
# whether the gateway terminates TLS or passes it through, since that decides
# whether Keycloak's --https-client-auth setting ever sees the client
# certificate.
174 host: keycloak.default.svc.cluster.local
178 apiVersion: networking.istio.io/v1beta1
# Named HTTP route; its match rules are not shown.
# NOTE(review): confirm they do not publish the admin console or the
# health/metrics endpoints externally.
188 - name: "keycloak-routes"
196 host: keycloak.default.svc.cluster.local