Update keycloak version
[nonrtric.git] / service-exposure / keycloak.yaml
index d611c6d..b6a18c3 100644 (file)
@@ -1,6 +1,6 @@
 #
 # ============LICENSE_START=======================================================
-#  Copyright (C) 2022 Nordix Foundation.
+#  Copyright (C) 2022-2023 Nordix Foundation.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -72,35 +72,41 @@ spec:
       - name: keycloak
         image: quay.io/keycloak/keycloak:latest
         imagePullPolicy: IfNotPresent 
+        args: [ 
+                'start',
+                '--https-key-store-file=/etc/x509/https/server.keystore',
+                '--https-key-store-password=changeit',
+                '--https-key-store-type=PKCS12',
+                '--https-trust-store-file=/etc/x509/https/server.truststore',
+                '--https-trust-store-password=changeit',
+                '--https-trust-store-type=PKCS12',
+                '--https-client-auth=request',
+                '--http-enabled=true'
+              ]
+
         env:
-        - name: KEYCLOAK_USER
-          value: "admin"
-        - name: KEYCLOAK_PASSWORD
-          value: "admin"
-        - name: KEYCLOAK_HTTPS_PORT
-          value: "8443" 
-        - name: PROXY_ADDRESS_FORWARDING
-          value: "true"
-        - name: MANAGEMENT_USER
-          value: "wildfly-admin"
-        - name: MANAGEMENT_PASSWORD
-          value: "secret"
-        - name: INGRESS_ENABLED
-          value: "false"
-        - name: DB_VENDOR
-          value: "postgres"
-        - name: DB_ADDR 
-          value: "postgres"
-        - name: DB_PORT 
-          value: "5432"
-        - name: DB_DATABASE
-          value: "keycloak"
-        - name: DB_USER
-          value: "keycloak" 
-        - name : DB_PASSWORD
-          value: "keycloak" 
         - name : X509_CA_BUNDLE 
           value: /etc/x509/https/rootCA.crt 
+        - name : KEYCLOAK_ADMIN 
+          value: admin 
+        - name : KEYCLOAK_ADMIN_PASSWORD 
+          value: admin 
+        - name : KC_DB 
+          value: postgres 
+        - name : KC_DB_URL 
+          value: "jdbc:postgresql://postgres:5432/keycloak"  
+        - name : KC_DB_USERNAME
+          value: keycloak
+        - name : KC_DB_PASSWORD
+          value: keycloak
+        - name : KC_HOSTNAME
+          value: keycloak 
+        - name : MY_PROVIDER_JAR_URL 
+          value: /opt/jboss/keycloak/standalone/deployments/authz-js-policies.jar 
+        - name: KC_HEALTH_ENABLED
+          value: "true"
+        - name: KC_METRICS_ENABLED 
+          value: "true"
         ports:
         - name: http
           containerPort: 8080
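Review bot: The added `args` and `env` entries carry every credential as a literal in the manifest: `--https-key-store-password=changeit` and `--https-trust-store-password=changeit` on the command line, and `KEYCLOAK_ADMIN_PASSWORD` / `KC_DB_PASSWORD` as plain `value:` fields set to `admin` and `keycloak`. Anyone who can read the Deployment or the pod spec recovers them, and the two store passwords are also visible in the container's process arguments. I would read them from a Kubernetes Secret with `secretKeyRef` and pass the store passwords through the environment form of those options rather than as flags, as sketched below; the secret name and keys are placeholders. Separately, `--http-enabled=true` keeps the plaintext listener on 8080 alongside TLS, and the context line still pulls `keycloak:latest`, so the version this commit targets is not pinned.

```yaml
        # … unchanged: 'start' and the non-password --https-* options in args …
        env:
        # … unchanged: X509_CA_BUNDLE, KEYCLOAK_ADMIN, KC_DB, KC_DB_URL, KC_DB_USERNAME …
        - name: KEYCLOAK_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              name: "<keycloak-secret-name>"  # placeholder
              key: admin-password             # placeholder key
        - name: KC_DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: "<keycloak-secret-name>"  # placeholder
              key: db-password                # placeholder key
        - name: KC_HTTPS_KEY_STORE_PASSWORD
          valueFrom:
            secretKeyRef:
              name: "<keycloak-secret-name>"  # placeholder
              key: keystore-password          # placeholder key
        # … same pattern for the trust-store password; remaining env unchanged …
```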
@@ -108,16 +114,23 @@ spec:
           containerPort: 8443
         readinessProbe:
           httpGet:
-            path: /auth/realms/master
-            port: 8080
+            scheme: HTTPS 
+            path: /health/ready 
+            port: 8443
         volumeMounts:
         - name: keycloak-certs 
           mountPath: /etc/x509/https 
+        - name: authz-js-policies 
+          mountPath: /opt/jboss/keycloak/standalone/deployments/authz-js-policies.jar 
       volumes:
       - name: keycloak-certs 
         hostPath:
            path: /var/keycloak/certs 
            type: Directory
+      - name: authz-js-policies 
+        hostPath:
+           path: /var/keycloak/deployments/authz-js-policies.jar 
+           type: File
 ---
 apiVersion: networking.istio.io/v1alpha3
 kind: Gateway
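Review bot: The new `authz-js-policies` volume is a `hostPath` of `type: File`, so the JAR the identity provider is meant to load comes from the node's filesystem and is mounted without `readOnly`. Whoever can write `/var/keycloak/deployments` on that node decides what code runs inside Keycloak, and the container can modify the file in turn. At minimum add `readOnly: true` to this `volumeMounts` entry (and to `keycloak-certs`); shipping the JAR in the image or a ConfigMap would remove the node dependency. The mount target under `/opt/jboss/keycloak/standalone/deployments` is the legacy WildFly layout, while the `start` command and `KC_*` variables in this commit suggest the Quarkus distribution, which reads providers from `/opt/keycloak/providers`; it is worth verifying that the policies are actually picked up.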
@@ -175,7 +188,7 @@ spec:
   - name: "keycloak-routes"
     match:
     - uri:
-        prefix: "/auth"
+        prefix: "/realms"
     route:
     - destination:
         port:
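Review bot: The route now matches only `/realms`, and nothing in the hunk records whether that narrowing is deliberate. A comment above the match such as `# Only /realms is exposed; /admin, /health and /metrics stay cluster-internal` would state the intent, which matters now that `KC_HEALTH_ENABLED` and `KC_METRICS_ENABLED` are switched on in the Deployment. If browser login pages are meant to pass through this gateway they presumably also need the static assets under `/resources`; that should be confirmed. The VirtualService starts above the hunk and continues past it.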