X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=service-exposure%2Fkeycloak.yaml;h=b6a18c3a65e6b11ca9eec47ec8fa7707d2652f80;hb=df61b02070956cac9ec7429281dc78ba853b46ed;hp=d611c6d217563a23b96f06a916c16395aa9fad3f;hpb=28fa9fbfee514da8c85171facbabe6747f499988;p=nonrtric.git
diff --git a/service-exposure/keycloak.yaml b/service-exposure/keycloak.yaml
index d611c6d2..b6a18c3a 100644
--- a/service-exposure/keycloak.yaml
+++ b/service-exposure/keycloak.yaml
@@ -1,6 +1,6 @@
 #
 # ============LICENSE_START=======================================================
-# Copyright (C) 2022 Nordix Foundation.
+# Copyright (C) 2022-2023 Nordix Foundation.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -72,35 +72,41 @@ spec:
 - name: keycloak
 image: quay.io/keycloak/keycloak:latest
 imagePullPolicy: IfNotPresent
+ args: [
+ 'start',
+ '--https-key-store-file=/etc/x509/https/server.keystore',
+ '--https-key-store-password=changeit',
+ '--https-key-store-type=PKCS12',
+ '--https-trust-store-file=/etc/x509/https/server.truststore',
+ '--https-trust-store-password=changeit',
+ '--https-trust-store-type=PKCS12',
+ '--https-client-auth=request',
+ '--http-enabled=true'
+ ]
+
 env:
- - name: KEYCLOAK_USER
- value: "admin"
- - name: KEYCLOAK_PASSWORD
- value: "admin"
- - name: KEYCLOAK_HTTPS_PORT
- value: "8443"
- - name: PROXY_ADDRESS_FORWARDING
- value: "true"
- - name: MANAGEMENT_USER
- value: "wildfly-admin"
- - name: MANAGEMENT_PASSWORD
- value: "secret"
- - name: INGRESS_ENABLED
- value: "false"
- - name: DB_VENDOR
- value: "postgres"
- - name: DB_ADDR
- value: "postgres"
- - name: DB_PORT
- value: "5432"
- - name: DB_DATABASE
- value: "keycloak"
- - name: DB_USER
- value: "keycloak"
- - name : DB_PASSWORD
- value: "keycloak"
 - name : X509_CA_BUNDLE
 value: /etc/x509/https/rootCA.crt
+ - name : KEYCLOAK_ADMIN
+ value: admin
+ - name : KEYCLOAK_ADMIN_PASSWORD
+ value: admin
+ - name : KC_DB
+ value: postgres
+ - name : KC_DB_URL
+ value: "jdbc:postgresql://postgres:5432/keycloak"
+ - name : KC_DB_USERNAME
+ value: keycloak
+ - name : KC_DB_PASSWORD
+ value: keycloak
+ - name : KC_HOSTNAME
+ value: keycloak
+ - name : MY_PROVIDER_JAR_URL
+ value: /opt/jboss/keycloak/standalone/deployments/authz-js-policies.jar
+ - name: KC_HEALTH_ENABLED
+ value: "true"
+ - name: KC_METRICS_ENABLED
+ value: "true"
 ports:
 - name: http
 containerPort: 8080
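Review bot: Every credential introduced here is a literal in the manifest: `--https-key-store-password=changeit` and `--https-trust-store-password=changeit` in `args`, and `KEYCLOAK_ADMIN_PASSWORD` / `KC_DB_PASSWORD` as plain `value:` entries (`admin`, `keycloak`). Anyone who can read the repository or the Deployment object obtains them, and the two store passwords additionally show up in the container's process arguments. They should come from a Kubernetes Secret via `valueFrom.secretKeyRef`, with the store passwords passed through the `KC_HTTPS_KEY_STORE_PASSWORD` / `KC_HTTPS_TRUST_STORE_PASSWORD` environment variables rather than flags, as sketched below. Separately, `--http-enabled=true` keeps the plaintext listener on 8080 open next to TLS; drop it unless something in the mesh depends on it. The container spec begins before this hunk and continues after it.

```yaml
# … unchanged: 'start' and the keystore/truststore file and type flags …
# (the two --https-*-store-password flags are removed from args)
env:
  # … unchanged: X509_CA_BUNDLE, KEYCLOAK_ADMIN, KC_DB, KC_DB_URL, KC_DB_USERNAME …
  - name: KEYCLOAK_ADMIN_PASSWORD
    valueFrom:
      secretKeyRef:
        name: keycloak-credentials  # placeholder Secret name
        key: admin-password
  - name: KC_DB_PASSWORD
    valueFrom:
      secretKeyRef:
        name: keycloak-credentials  # placeholder Secret name
        key: db-password
  - name: KC_HTTPS_KEY_STORE_PASSWORD
    valueFrom:
      secretKeyRef:
        name: keycloak-credentials  # placeholder Secret name
        key: keystore-password
  - name: KC_HTTPS_TRUST_STORE_PASSWORD
    valueFrom:
      secretKeyRef:
        name: keycloak-credentials  # placeholder Secret name
        key: truststore-password
  # … unchanged: KC_HOSTNAME, MY_PROVIDER_JAR_URL, KC_HEALTH_ENABLED, KC_METRICS_ENABLED …
```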
@@ -108,16 +114,23 @@ spec:
 containerPort: 8443
 readinessProbe:
 httpGet:
- path: /auth/realms/master
- port: 8080
+ scheme: HTTPS
+ path: /health/ready
+ port: 8443
 volumeMounts:
 - name: keycloak-certs
 mountPath: /etc/x509/https
+ - name: authz-js-policies
+ mountPath: /opt/jboss/keycloak/standalone/deployments/authz-js-policies.jar
 volumes:
 - name: keycloak-certs
 hostPath:
 path: /var/keycloak/certs
 type: Directory
+ - name: authz-js-policies
+ hostPath:
+ path: /var/keycloak/deployments/authz-js-policies.jar
+ type: File
 ---
 apiVersion: networking.istio.io/v1alpha3
 kind: Gateway
@@ -175,7 +188,7 @@ spec:
 - name: "keycloak-routes"
 match:
 - uri:
- prefix: "/auth"
+ prefix: "/realms"
 route:
 - destination:
 port:
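Review bot: The added `authz-js-policies` mount takes a JAR straight from the node filesystem (`hostPath`, `type: File`) and is not marked read-only, so the code Keycloak presumably loads as a policy provider is whatever sits at `/var/keycloak/deployments/authz-js-policies.jar` on that node, and the container may be able to modify it. At minimum add `readOnly: true` to the new `volumeMounts` entry; baking the JAR into the image or copying it in with an init container would remove the dependence on node state altogether. The mount target under `/opt/jboss/keycloak/standalone/deployments/` is the WildFly-era layout, whereas the `start` argument added earlier in this commit suggests the Quarkus distribution, which reads providers from `/opt/keycloak/providers`, so it is worth confirming the policy JAR is actually picked up. The Deployment spec begins before this hunk.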
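Review bot: Nothing in the route records why only the `/realms` prefix is matched now, and that choice is security-relevant. With this prefix the gateway no longer forwards the admin console, and the `/health` and `/metrics` endpoints switched on by `KC_HEALTH_ENABLED` / `KC_METRICS_ENABLED` earlier in this commit stay off the gateway too, assuming no other match in this VirtualService covers them, which the hunk does not show. A comment above the match, e.g. `# expose only /realms; admin console, /health and /metrics stay cluster-internal`, would stop a later edit from widening the prefix by accident. The VirtualService starts before this hunk and continues after it.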