apiVersion: apps/v1 kind: Deployment metadata: name: workclub-keycloak labels: app: workclub-keycloak component: auth spec: replicas: 1 strategy: type: Recreate progressDeadlineSeconds: 1800 selector: matchLabels: app: workclub-keycloak template: metadata: labels: app: workclub-keycloak component: auth spec: containers: - name: keycloak image: quay.io/keycloak/keycloak:26.1 imagePullPolicy: IfNotPresent args: - start-dev - --import-realm ports: - name: http containerPort: 8080 protocol: TCP - name: management containerPort: 9000 protocol: TCP readinessProbe: httpGet: path: /health/ready port: management initialDelaySeconds: 240 periodSeconds: 15 timeoutSeconds: 5 failureThreshold: 10 startupProbe: httpGet: path: /health/ready port: management initialDelaySeconds: 60 periodSeconds: 15 timeoutSeconds: 5 failureThreshold: 120 livenessProbe: httpGet: path: /health/live port: management initialDelaySeconds: 420 periodSeconds: 20 timeoutSeconds: 5 failureThreshold: 5 resources: requests: cpu: 100m memory: 256Mi limits: cpu: 500m memory: 1024Mi env: - name: KC_DB value: postgres - name: KC_DB_URL_HOST value: workclub-postgres - name: KC_DB_URL_PORT value: "5432" - name: KC_DB_URL_DATABASE value: keycloak - name: KC_DB_USERNAME value: keycloak - name: KC_DB_PASSWORD valueFrom: secretKeyRef: name: workclub-secrets key: keycloak-db-password - name: KC_BOOTSTRAP_ADMIN_USERNAME valueFrom: secretKeyRef: name: workclub-secrets key: keycloak-admin-username - name: KC_BOOTSTRAP_ADMIN_PASSWORD valueFrom: secretKeyRef: name: workclub-secrets key: keycloak-admin-password - name: KC_HOSTNAME_STRICT value: "false" - name: KC_PROXY value: "edge" - name: KC_HTTP_ENABLED value: "true" - name: KC_HEALTH_ENABLED value: "true" volumeMounts: - name: keycloak-realm-import mountPath: /opt/keycloak/data/import readOnly: true volumes: - name: keycloak-realm-import configMap: name: keycloak-realm-import