eaa163afa4
Update Keycloak probe/realm import behavior and authority config so auth services start reliably on the dev cluster, while keeping CD deployment steps aligned with the actual Kubernetes overlay behavior.
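---
# Keycloak identity provider for the dev cluster: a single replica started in
# development mode, backed by the workclub-postgres database, with realm
# definitions imported from the keycloak-realm-import ConfigMap at startup.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: workclub-keycloak
  labels:
    app: workclub-keycloak
    component: auth
spec:
  replicas: 1
  # Recreate stops the old pod before the new one starts, so every rollout
  # has a window in which no auth service is available.
  strategy:
    type: Recreate
  # 30 minutes before a stalled rollout is reported as failed. Note that the
  # startup probe budget below (60 + 120 x 15 = 1860 s) is slightly longer.
  progressDeadlineSeconds: 1800
  selector:
    matchLabels:
      app: workclub-keycloak
  template:
    metadata:
      labels:
        app: workclub-keycloak
        component: auth
    spec:
      containers:
        - name: keycloak
          # NOTE(review): 26.1 is a minor-version tag and presumably moves as
          # patch releases are published. With IfNotPresent a node that has
          # the image cached never pulls the newer build, so nodes can run
          # different patch levels. Pin an exact patch version or a digest
          # (quay.io/keycloak/keycloak@sha256:<digest>) for reproducibility.
          image: quay.io/keycloak/keycloak:26.1
          imagePullPolicy: IfNotPresent
          args:
            # Development mode: relaxed defaults (plain HTTP, no strict
            # hostname). Suitable for the dev cluster only; a deployment
            # that serves real users should use `start` with a fixed
            # hostname and TLS.
            - start-dev
            # Imports realm files from /opt/keycloak/data/import (mounted
            # below). Keycloak skips a realm that already exists, so later
            # ConfigMap edits do not reach an initialised database.
            - --import-realm
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
            # Management interface: serves the health endpoints used by the
            # probes. Keep it off any Service or Ingress that faces users.
            - name: management
              containerPort: 9000
              protocol: TCP
          # Least-privilege container settings: both ports are unprivileged,
          # so no capabilities or privilege escalation are needed. Assumes
          # the image's default user is a numeric non-root UID, which
          # runAsNonRoot requires - confirm against the image before rollout.
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          # Readiness and liveness checks are held back until the startup
          # probe has succeeded; their own initialDelaySeconds still apply
          # from container start, so the pod is not Ready before 240 s.
          readinessProbe:
            httpGet:
              path: /health/ready
              port: management
            initialDelaySeconds: 240
            periodSeconds: 15
            timeoutSeconds: 5
            failureThreshold: 10
          # Allows up to 60 + 120 x 15 = 1860 s for first boot (schema
          # migration and realm import) before the container is restarted.
          startupProbe:
            httpGet:
              path: /health/ready
              port: management
            initialDelaySeconds: 60
            periodSeconds: 15
            timeoutSeconds: 5
            failureThreshold: 120

          livenessProbe:
            httpGet:
              path: /health/live
              port: management
            initialDelaySeconds: 420
            periodSeconds: 20
            timeoutSeconds: 5
            failureThreshold: 5
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: 500m
              memory: 1024Mi
          env:
            - name: KC_DB
              value: postgres
            - name: KC_DB_URL_HOST
              value: workclub-postgres
            - name: KC_DB_URL_PORT
              value: "5432"
            - name: KC_DB_URL_DATABASE
              value: keycloak
            - name: KC_DB_USERNAME
              value: keycloak
            # Credentials come from the workclub-secrets Secret rather than
            # being written into the manifest.
            - name: KC_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: workclub-secrets
                  key: keycloak-db-password
            # Bootstrap admin: Keycloak creates this account on first start
            # and treats it as temporary. Replace it with a named admin
            # account and remove the bootstrap one once the realm is set up.
            - name: KC_BOOTSTRAP_ADMIN_USERNAME
              valueFrom:
                secretKeyRef:
                  name: workclub-secrets
                  key: keycloak-admin-username
            - name: KC_BOOTSTRAP_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: workclub-secrets
                  key: keycloak-admin-password
            # With strict hostname checking off, Keycloak builds issuer and
            # redirect URLs from the incoming request's host. Acceptable on
            # the dev cluster; set a fixed KC_HOSTNAME before exposing this
            # beyond it.
            - name: KC_HOSTNAME_STRICT
              value: "false"
            # NOTE(review): KC_PROXY was deprecated in Keycloak 24 in favour
            # of KC_PROXY_HEADERS. Confirm that the 26.1 image still honours
            # it; if not, forwarded-header handling differs from what this
            # setting suggests.
            - name: KC_PROXY
              value: "edge"
            # Plain HTTP on 8080: TLS is expected to terminate in front of
            # the pod, so traffic between that proxy and Keycloak is
            # unencrypted inside the cluster.
            - name: KC_HTTP_ENABLED
              value: "true"
            - name: KC_HEALTH_ENABLED
              value: "true"
          volumeMounts:
            - name: keycloak-realm-import
              mountPath: /opt/keycloak/data/import
              readOnly: true
      volumes:
        # NOTE(review): realm definitions are stored in a ConfigMap. If the
        # realm file carries client secrets or user credentials, anyone who
        # can read ConfigMaps in the namespace can read them - verify the
        # content, or move it to a Secret.
        - name: keycloak-realm-import
          configMap:
            name: keycloak-realm-import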