#
# ============LICENSE_START=======================================================
-# Copyright (C) 2022 Nordix Foundation.
+# Copyright (C) 2022-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: keycloak
image: quay.io/keycloak/keycloak:latest
imagePullPolicy: IfNotPresent
+ args: [
+ 'start',
+ '--https-key-store-file=/etc/x509/https/server.keystore',
+ '--https-key-store-password=changeit',
+ '--https-key-store-type=PKCS12',
+ '--https-trust-store-file=/etc/x509/https/server.truststore',
+ '--https-trust-store-password=changeit',
+ '--https-trust-store-type=PKCS12',
+ '--https-client-auth=request',
+ '--http-enabled=true'
+ ]
+
env:
- - name: KEYCLOAK_USER
- value: "admin"
- - name: KEYCLOAK_PASSWORD
- value: "admin"
- - name: KEYCLOAK_HTTPS_PORT
- value: "8443"
- - name: PROXY_ADDRESS_FORWARDING
- value: "true"
- - name: MANAGEMENT_USER
- value: "wildfly-admin"
- - name: MANAGEMENT_PASSWORD
- value: "secret"
- - name: INGRESS_ENABLED
- value: "false"
- - name: DB_VENDOR
- value: "postgres"
- - name: DB_ADDR
- value: "postgres"
- - name: DB_PORT
- value: "5432"
- - name: DB_DATABASE
- value: "keycloak"
- - name: DB_USER
- value: "keycloak"
- - name : DB_PASSWORD
- value: "keycloak"
- name : X509_CA_BUNDLE
value: /etc/x509/https/rootCA.crt
+ - name : KEYCLOAK_ADMIN
+ value: admin
+ - name : KEYCLOAK_ADMIN_PASSWORD
+ value: admin
+ - name : KC_DB
+ value: postgres
+ - name : KC_DB_URL
+ value: "jdbc:postgresql://postgres:5432/keycloak"
+ - name : KC_DB_USERNAME
+ value: keycloak
+ - name : KC_DB_PASSWORD
+ value: keycloak
+ - name : KC_HOSTNAME
+ value: keycloak
+ - name : MY_PROVIDER_JAR_URL
+ value: /opt/jboss/keycloak/standalone/deployments/authz-js-policies.jar
+ - name: KC_HEALTH_ENABLED
+ value: "true"
+ - name: KC_METRICS_ENABLED
+ value: "true"
ports:
- name: http
containerPort: 8080
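Review bot: The new `args` and `env` entries keep every credential in the manifest as a literal (`--https-key-store-password=changeit`, `--https-trust-store-password=changeit`, `KEYCLOAK_ADMIN_PASSWORD` set to `admin`, `KC_DB_PASSWORD` set to `keycloak`), so they are readable by anyone with access to the repository or the pod spec, and the two store passwords also appear in the container's process arguments. I would move them into a Kubernetes Secret referenced through `valueFrom.secretKeyRef`, and pass the store passwords as `KC_HTTPS_KEY_STORE_PASSWORD` and `KC_HTTPS_TRUST_STORE_PASSWORD` instead of flags, as sketched below with placeholder Secret names. `--http-enabled=true` also keeps the plaintext listener on 8080 open next to 8443; if nothing still depends on it, drop the flag. The container spec starts before and continues after this hunk.

```yaml
args:
  - 'start'
  - '--https-key-store-file=/etc/x509/https/server.keystore'
  # … unchanged: store types, trust store file, client auth; both password flags dropped …
env:
  # … unchanged: X509_CA_BUNDLE and the non-secret KC_* settings …
  - name: KEYCLOAK_ADMIN_PASSWORD
    valueFrom:
      secretKeyRef:
        name: keycloak-credentials   # placeholder Secret name
        key: admin-password          # placeholder key
  - name: KC_DB_PASSWORD
    valueFrom:
      secretKeyRef:
        name: keycloak-credentials   # placeholder Secret name
        key: db-password             # placeholder key
  - name: KC_HTTPS_KEY_STORE_PASSWORD
    valueFrom:
      secretKeyRef:
        name: keycloak-credentials   # placeholder Secret name
        key: keystore-password       # placeholder key
  - name: KC_HTTPS_TRUST_STORE_PASSWORD
    valueFrom:
      secretKeyRef:
        name: keycloak-credentials   # placeholder Secret name
        key: truststore-password     # placeholder key
```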
containerPort: 8443
readinessProbe:
httpGet:
- path: /auth/realms/master
- port: 8080
+ scheme: HTTPS
+ path: /health/ready
+ port: 8443
volumeMounts:
- name: keycloak-certs
mountPath: /etc/x509/https
+ - name: authz-js-policies
+ mountPath: /opt/jboss/keycloak/standalone/deployments/authz-js-policies.jar
volumes:
- name: keycloak-certs
hostPath:
path: /var/keycloak/certs
type: Directory
+ - name: authz-js-policies
+ hostPath:
+ path: /var/keycloak/deployments/authz-js-policies.jar
+ type: File
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
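Review bot: The `authz-js-policies` mount targets `/opt/jboss/keycloak/standalone/deployments/`, the deployment directory of the legacy WildFly image, while the `start` command added in this commit belongs to the Quarkus distribution, which loads provider JARs from `/opt/keycloak/providers`; as far as I can tell the policies JAR is therefore never loaded, and the authorization policies it carries would be missing without any error from the pod. I would mount it as `mountPath: /opt/keycloak/providers/authz-js-policies.jar` with `readOnly: true`, so the container cannot modify a host file that the server loads as code. The probe change to `/health/ready` on 8443 is also tied to the image version: the tag is `latest`, and newer Keycloak releases serve the health endpoints on a separate management port, so pinning the image tag would keep the probe and these paths stable. The container spec starts outside this hunk.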
- name: "keycloak-routes"
match:
- uri:
- prefix: "/auth"
+ prefix: "/realms"
route:
- destination:
port: