Files
athletic-map-deploy/tenants/demo/20-keycloak.yaml
T

87 lines
2.3 KiB
YAML

# Keycloak dedicado do tenant demo (IdP do silo) — modo dev, persistindo no Postgres
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak
namespace: demo-prod
spec:
replicas: 1
selector:
matchLabels:
app: keycloak
template:
metadata:
labels:
app: keycloak
spec:
containers:
- name: keycloak
image: quay.io/keycloak/keycloak:26.0
args: ["start-dev", "--import-realm"]
env:
- name: KC_DB
value: postgres
- name: KC_DB_URL
value: "jdbc:postgresql://postgres:5432/keycloak"
- name: KC_DB_USERNAME
value: atm
- name: KC_DB_PASSWORD
valueFrom:
secretKeyRef:
name: db-credentials
key: password
- name: KC_BOOTSTRAP_ADMIN_USERNAME
value: admin
- name: KC_BOOTSTRAP_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-admin
key: password
- name: KC_HEALTH_ENABLED
value: "true"
- name: KC_HTTP_ENABLED
value: "true"
- name: KC_PROXY_HEADERS
value: xforwarded
- name: KC_HOSTNAME
value: "auth-demo.athleticmap.influxdigital.com.br"
- name: KC_HOSTNAME_STRICT
value: "false"
ports:
- containerPort: 8080
- containerPort: 9000
resources:
requests:
cpu: 250m
memory: 512Mi
limits:
cpu: "1"
memory: 1Gi
readinessProbe:
httpGet:
path: /health/ready
port: 9000
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 40
volumeMounts:
- name: realm-import
mountPath: /opt/keycloak/data/import
readOnly: true
volumes:
- name: realm-import
configMap:
name: kc-realm-import
---
apiVersion: v1
kind: Service
metadata:
name: keycloak
namespace: demo-prod
spec:
selector:
app: keycloak
ports:
- port: 8080
targetPort: 8080