Code Review
/
nonrtric.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
Update README
[nonrtric.git]
/
service-exposure
/
keycloak.yaml
diff --git
a/service-exposure/keycloak.yaml
b/service-exposure/keycloak.yaml
index
d611c6d
..
2beace2
100644
(file)
--- a/
service-exposure/keycloak.yaml
+++ b/
service-exposure/keycloak.yaml
@@
-20,23
+20,24
@@
apiVersion: v1
kind: ServiceAccount
metadata:
apiVersion: v1
kind: ServiceAccount
metadata:
- name: keycloak
+ name: keycloak
namespace: default
---
apiVersion: v1
kind: Service
metadata:
name: keycloak
namespace: default
---
apiVersion: v1
kind: Service
metadata:
name: keycloak
+ namespace: default
labels:
app: keycloak
spec:
type: ExternalName
labels:
app: keycloak
spec:
type: ExternalName
- externalName: keycloak.local
+ externalName: keycloak.local
ports:
- name: http
port: 8080
targetPort: 8080
ports:
- name: http
port: 8080
targetPort: 8080
- nodePort: 31560
+ nodePort: 31560
- name: https
port: 8443
targetPort: 8443
- name: https
port: 8443
targetPort: 8443
@@
-65,20
+66,20
@@
spec:
initContainers:
- name: init-postgres
image: busybox
initContainers:
- name: init-postgres
image: busybox
- imagePullPolicy: IfNotPresent
+ imagePullPolicy: IfNotPresent
command: ['sh', '-c', 'until nc -vz postgres 5432; do echo waiting for postgres db; sleep 2; done;']
command: ['sh', '-c', 'until nc -vz postgres 5432; do echo waiting for postgres db; sleep 2; done;']
- serviceAccountName: keycloak
+ serviceAccountName: keycloak
containers:
- name: keycloak
containers:
- name: keycloak
- image: quay.io/keycloak/keycloak:
latest
- imagePullPolicy: IfNotPresent
+ image: quay.io/keycloak/keycloak:
16.1.1
+ imagePullPolicy: IfNotPresent
env:
- name: KEYCLOAK_USER
value: "admin"
- name: KEYCLOAK_PASSWORD
value: "admin"
- name: KEYCLOAK_HTTPS_PORT
env:
- name: KEYCLOAK_USER
value: "admin"
- name: KEYCLOAK_PASSWORD
value: "admin"
- name: KEYCLOAK_HTTPS_PORT
- value: "8443"
+ value: "8443"
- name: PROXY_ADDRESS_FORWARDING
value: "true"
- name: MANAGEMENT_USER
- name: PROXY_ADDRESS_FORWARDING
value: "true"
- name: MANAGEMENT_USER
@@
-89,18
+90,18
@@
spec:
value: "false"
- name: DB_VENDOR
value: "postgres"
value: "false"
- name: DB_VENDOR
value: "postgres"
- - name: DB_ADDR
+ - name: DB_ADDR
value: "postgres"
value: "postgres"
- - name: DB_PORT
+ - name: DB_PORT
value: "5432"
- name: DB_DATABASE
value: "keycloak"
- name: DB_USER
value: "5432"
- name: DB_DATABASE
value: "keycloak"
- name: DB_USER
- value: "keycloak"
+ value: "keycloak"
- name : DB_PASSWORD
- name : DB_PASSWORD
- value: "keycloak"
- - name : X509_CA_BUNDLE
- value: /etc/x509/https/rootCA.crt
+ value: "keycloak"
+ - name : X509_CA_BUNDLE
+ value: /etc/x509/https/rootCA.crt
ports:
- name: http
containerPort: 8080
ports:
- name: http
containerPort: 8080
@@
-111,18
+112,19
@@
spec:
path: /auth/realms/master
port: 8080
volumeMounts:
path: /auth/realms/master
port: 8080
volumeMounts:
- - name: keycloak-certs
- mountPath: /etc/x509/https
+ - name: keycloak-certs
+ mountPath: /etc/x509/https
volumes:
volumes:
- - name: keycloak-certs
+ - name: keycloak-certs
hostPath:
hostPath:
- path: /var/keycloak/certs
+ path: /var/keycloak/certs
type: Directory
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: kcgateway
type: Directory
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: kcgateway
+ namespace: default
spec:
selector:
istio: ingressgateway # use istio default ingress gateway
spec:
selector:
istio: ingressgateway # use istio default ingress gateway
@@
-134,7
+136,7
@@
spec:
tls:
mode: PASSTHROUGH
hosts:
tls:
mode: PASSTHROUGH
hosts:
- - keycloak.
est.tech
+ - keycloak.
oran.org
- port:
number: 80
name: http
- port:
number: 80
name: http
@@
-146,16
+148,17
@@
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: keycloak-tls-vs
kind: VirtualService
metadata:
name: keycloak-tls-vs
+ namespace: default
spec:
hosts:
spec:
hosts:
- - keycloak.
est.tech
+ - keycloak.
oran.org
gateways:
- kcgateway
tls:
- match:
- port: 443
sniHosts:
gateways:
- kcgateway
tls:
- match:
- port: 443
sniHosts:
- - keycloak.
est.tech
+ - keycloak.
oran.org
route:
- destination:
host: keycloak.default.svc.cluster.local
route:
- destination:
host: keycloak.default.svc.cluster.local
@@
-166,11
+169,12
@@
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: keycloak-vs
kind: VirtualService
metadata:
name: keycloak-vs
+ namespace: default
spec:
hosts:
- "*"
gateways:
spec:
hosts:
- "*"
gateways:
- - kcgateway
+ - kcgateway
http:
- name: "keycloak-routes"
match:
http:
- name: "keycloak-routes"
match: