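#
# ============LICENSE_START=======================================================
# Copyright (C) 2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
#
# Keycloak deployment for a single-node test cluster: ServiceAccount, Service,
# Deployment, and an Istio Gateway with two VirtualServices (TLS passthrough on
# 443, plain HTTP /auth on 80).
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: keycloak
  namespace: default
---
apiVersion: v1
kind: Service
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  # The original spec carried `type` twice (ExternalName first, LoadBalancer
  # last); YAML parsers keep the last value, so `type: ExternalName` and its
  # `externalName: keycloak.local` were dead config. Only the effective
  # LoadBalancer definition is kept here.
  type: LoadBalancer
  ports:
    - name: http
      port: 8080
      targetPort: 8080
      nodePort: 31560
    - name: https
      port: 8443
      targetPort: 8443
      nodePort: 31561
  selector:
    app: keycloak
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: default
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      initContainers:
        # Blocks pod start until the postgres service accepts TCP connections.
        - name: init-postgres
          # NOTE(review): untagged image resolves to :latest; pin a tag or
          # digest so the init container is reproducible.
          image: busybox
          imagePullPolicy: IfNotPresent
          command: ['sh', '-c', 'until nc -vz postgres 5432; do echo waiting for postgres db; sleep 2; done;']
      serviceAccountName: keycloak
      containers:
        - name: keycloak
          image: quay.io/keycloak/keycloak:16.1.1
          imagePullPolicy: IfNotPresent
          # NOTE(review): the admin, management and DB credentials below are
          # plaintext literals in a committed manifest. They should be supplied
          # from a Secret via valueFrom.secretKeyRef; no Secret is defined in
          # this file, so that change is left to the owner.
          env:
            - name: KEYCLOAK_USER
              value: "admin"
            - name: KEYCLOAK_PASSWORD
              value: "admin"
            - name: KEYCLOAK_HTTPS_PORT
              value: "8443"
            # Keycloak sits behind the Istio gateway; this makes it honour the
            # forwarded-address headers the proxy sets.
            - name: PROXY_ADDRESS_FORWARDING
              value: "true"
            - name: MANAGEMENT_USER
              value: "wildfly-admin"
            - name: MANAGEMENT_PASSWORD
              value: "secret"
            - name: INGRESS_ENABLED
              value: "false"
            - name: DB_VENDOR
              value: "postgres"
            - name: DB_ADDR
              value: "postgres"
            - name: DB_PORT
              value: "5432"
            - name: DB_DATABASE
              value: "keycloak"
            - name: DB_USER
              value: "keycloak"
            - name: DB_PASSWORD
              value: "keycloak"
            # CA bundle read from the hostPath mount below.
            - name: X509_CA_BUNDLE
              value: "/etc/x509/https/rootCA.crt"
          ports:
            - name: http
              containerPort: 8080
            - name: https
              containerPort: 8443
          readinessProbe:
            httpGet:
              path: /auth/realms/master
              port: 8080
          volumeMounts:
            - name: keycloak-certs
              mountPath: /etc/x509/https
      volumes:
        # hostPath pins the pod to a node that already has the certificates at
        # this path; `type: Directory` makes the pod fail to start if it is
        # missing rather than mounting an empty directory.
        - name: keycloak-certs
          hostPath:
            path: /var/keycloak/certs
            type: Directory
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: kcgateway
spec:
  selector:
    istio: ingressgateway  # use istio default ingress gateway
  servers:
    # TLS is terminated by Keycloak itself (PASSTHROUGH), not by the gateway.
    - port:
        number: 443
        name: https
        protocol: HTTPS
      tls:
        mode: PASSTHROUGH
      hosts:
        - keycloak.oran.org
    # Plaintext listener for any host; keycloak-vs below routes /auth on it to
    # the container's HTTP port 8080.
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: keycloak-tls-vs
spec:
  hosts:
    - keycloak.oran.org
  gateways:
    - kcgateway
  tls:
    - match:
        - port: 443
          sniHosts:
            - keycloak.oran.org
      route:
        - destination:
            host: keycloak.default.svc.cluster.local
            port:
              number: 8443
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: keycloak-vs
spec:
  hosts:
    - "*"
  gateways:
    - kcgateway
  http:
    - name: "keycloak-routes"
      match:
        - uri:
            prefix: "/auth"
      route:
        - destination:
            port:
              number: 8080
            host: keycloak.default.svc.cluster.local
---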