k8s/apps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

keycloak update

Browse Source
This commit is contained in:
Philip Haupt
2025-09-03 16:33:22 +02:00
parent 1d9521de7f
commit ab9a938d4d
3 changed files with 440 additions and 541 deletions
Download Patch File Download Diff File Expand all files Collapse all files

138
keycloak/main.yaml
View File

@@ -1,5 +1,5 @@
apiVersion: v1
automountServiceAccountToken: false
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
@@ -7,8 +7,9 @@ metadata:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 26.2.5
helm.sh/chart: keycloak-24.7.3
app.kubernetes.io/part-of: keycloak
app.kubernetes.io/version: 26.3.3
helm.sh/chart: keycloak-25.2.0
name: keycloak
namespace: keycloak
---
@@ -20,29 +21,34 @@ metadata:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.4.0
helm.sh/chart: postgresql-16.6.6
app.kubernetes.io/version: 17.6.0
helm.sh/chart: postgresql-16.7.26
name: keycloak-postgresql
namespace: keycloak
---
apiVersion: v1
data:
BITNAMI_DEBUG: "false"
JAVA_OPTS_APPEND: -Djgroups.dns.query=keycloak-headless.keycloak.svc.cluster.local
KC_BOOTSTRAP_ADMIN_PASSWORD_FILE: /opt/bitnami/keycloak/secrets/admin-password
KC_BOOTSTRAP_ADMIN_USERNAME: user
KC_CACHE: ispn
KC_CACHE_CONFIG_FILE: cache-ispn.xml
KC_CACHE_STACK: kubernetes
KC_CACHE_TYPE: ispn
KEYCLOAK_DATABASE_HOST: keycloak-postgresql
KEYCLOAK_DATABASE_NAME: keycloak
KEYCLOAK_DATABASE_PORT: "5432"
KEYCLOAK_DATABASE_USER: keycloak
KEYCLOAK_ENABLE_HTTPS: "false"
KEYCLOAK_ENABLE_STATISTICS: "false"
KEYCLOAK_HTTP_PORT: "8080"
KEYCLOAK_LOG_LEVEL: INFO
KEYCLOAK_LOG_OUTPUT: default
KC_CACHE_STACK: jdbc-ping
KC_DB_PASSWORD_FILE: /opt/bitnami/keycloak/secrets/db-db-pass
KC_DB_SCHEMA: public
KC_DB_URL: jdbc:postgresql://keycloak-postgresql:5432/keycloak?currentSchema=public
KC_DB_USERNAME: keycloak
KC_HTTP_ENABLED: "true"
KC_HTTP_MANAGEMENT_PORT: "9000"
KC_HTTP_PORT: "8080"
KC_HTTP_RELATIVE_PATH: /
KC_LOG_CONSOLE_OUTPUT: default
KC_LOG_LEVEL: INFO
KC_METRICS_ENABLED: "false"
KC_PROXY_HEADERS: xforwarded
KC_SPI_ADMIN_REALM: master
KEYCLOAK_PRODUCTION: "true"
KEYCLOAK_PROXY_HEADERS: xforwarded
kind: ConfigMap
metadata:
labels:
@@ -50,8 +56,9 @@ metadata:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 26.2.5
helm.sh/chart: keycloak-24.7.3
app.kubernetes.io/part-of: keycloak
app.kubernetes.io/version: 26.3.3
helm.sh/chart: keycloak-25.2.0
name: keycloak-env-vars
namespace: keycloak
---
@@ -63,8 +70,9 @@ metadata:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 26.2.5
helm.sh/chart: keycloak-24.7.3
app.kubernetes.io/part-of: keycloak
app.kubernetes.io/version: 26.3.3
helm.sh/chart: keycloak-25.2.0
name: keycloak
namespace: keycloak
spec:
@@ -78,6 +86,7 @@ spec:
app.kubernetes.io/component: keycloak
app.kubernetes.io/instance: keycloak
app.kubernetes.io/name: keycloak
app.kubernetes.io/part-of: keycloak
sessionAffinity: None
type: ClusterIP
---
@@ -89,8 +98,9 @@ metadata:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 26.2.5
helm.sh/chart: keycloak-24.7.3
app.kubernetes.io/part-of: keycloak
app.kubernetes.io/version: 26.3.3
helm.sh/chart: keycloak-25.2.0
name: keycloak-headless
namespace: keycloak
spec:
@@ -105,6 +115,7 @@ spec:
app.kubernetes.io/component: keycloak
app.kubernetes.io/instance: keycloak
app.kubernetes.io/name: keycloak
app.kubernetes.io/part-of: keycloak
type: ClusterIP
---
apiVersion: v1
@@ -115,8 +126,8 @@ metadata:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.4.0
helm.sh/chart: postgresql-16.6.6
app.kubernetes.io/version: 17.6.0
helm.sh/chart: postgresql-16.7.26
name: keycloak-postgresql
namespace: keycloak
spec:
@@ -140,8 +151,8 @@ metadata:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.4.0
helm.sh/chart: postgresql-16.6.6
app.kubernetes.io/version: 17.6.0
helm.sh/chart: postgresql-16.7.26
name: keycloak-postgresql-hl
namespace: keycloak
spec:
@@ -165,8 +176,9 @@ metadata:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 26.2.5
helm.sh/chart: keycloak-24.7.3
app.kubernetes.io/part-of: keycloak
app.kubernetes.io/version: 26.3.3
helm.sh/chart: keycloak-25.2.0
name: keycloak
namespace: keycloak
spec:
@@ -178,19 +190,20 @@ spec:
app.kubernetes.io/component: keycloak
app.kubernetes.io/instance: keycloak
app.kubernetes.io/name: keycloak
app.kubernetes.io/part-of: keycloak
serviceName: keycloak-headless
template:
metadata:
annotations:
checksum/configmap-env-vars: 7ed8e56f444615469aa0ea38e604cc7c913c1dd874dcfc7e5dac178b777f2633
checksum/configmap-env-vars: 4a230a1393ed715c878d1636fa21ac2aa5b475c9be310474ed9a3fc22ea1da37
labels:
app.kubernetes.io/app-version: 26.2.5
app.kubernetes.io/component: keycloak
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 26.2.5
helm.sh/chart: keycloak-24.7.3
app.kubernetes.io/part-of: keycloak
app.kubernetes.io/version: 26.3.3
helm.sh/chart: keycloak-25.2.0
spec:
affinity:
nodeAffinity: null
@@ -200,6 +213,7 @@ spec:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/component: keycloak
app.kubernetes.io/instance: keycloak
app.kubernetes.io/name: keycloak
topologyKey: kubernetes.io/hostname
@@ -212,24 +226,14 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: BITNAMI_DEBUG
value: "false"
- name: KC_BOOTSTRAP_ADMIN_PASSWORD_FILE
value: /opt/bitnami/keycloak/secrets/admin-password
- name: KEYCLOAK_DATABASE_PASSWORD_FILE
value: /opt/bitnami/keycloak/secrets/db-db-pass
- name: KEYCLOAK_HTTP_RELATIVE_PATH
value: /
- name: KC_SPI_ADMIN_REALM
value: master
envFrom:
- configMapRef:
name: keycloak-env-vars
image: docker.io/bitnami/keycloak:26.2.5-debian-12-r1
image: docker.io/bitnami/keycloak:26.3.3-debian-12-r0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 300
initialDelaySeconds: 120
periodSeconds: 1
successThreshold: 1
tcpSocket:
@@ -247,6 +251,7 @@ spec:
httpGet:
path: /realms/master
port: http
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
@@ -314,18 +319,18 @@ spec:
info "Copy operation completed"
command:
- /bin/bash
image: docker.io/bitnami/keycloak:26.2.5-debian-12-r1
image: docker.io/bitnami/keycloak:26.3.3-debian-12-r0
imagePullPolicy: IfNotPresent
name: prepare-write-dirs
resources:
limits:
cpu: 750m
cpu: 150m
ephemeral-storage: 2Gi
memory: 768Mi
memory: 192Mi
requests:
cpu: 500m
cpu: 100m
ephemeral-storage: 50Mi
memory: 512Mi
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -362,7 +367,6 @@ spec:
path: db-db-pass
name: keycloak
updateStrategy:
rollingUpdate: {}
type: RollingUpdate
---
apiVersion: apps/v1
@@ -373,8 +377,8 @@ metadata:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.4.0
helm.sh/chart: postgresql-16.6.6
app.kubernetes.io/version: 17.6.0
helm.sh/chart: postgresql-16.7.26
name: keycloak-postgresql
namespace: keycloak
spec:
@@ -392,8 +396,8 @@ spec:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.4.0
helm.sh/chart: postgresql-16.6.6
app.kubernetes.io/version: 17.6.0
helm.sh/chart: postgresql-16.7.26
name: keycloak-postgresql
spec:
affinity:
@@ -444,7 +448,7 @@ spec:
value: error
- name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
value: pgaudit
image: docker.io/bitnami/postgresql:16.6.0-debian-12-r2
image: docker.io/bitnami/postgresql:17.6.0-debian-12-r0
imagePullPolicy: IfNotPresent
livenessProbe:
exec:
@@ -554,8 +558,9 @@ metadata:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 26.2.5
helm.sh/chart: keycloak-24.7.3
app.kubernetes.io/part-of: keycloak
app.kubernetes.io/version: 26.3.3
helm.sh/chart: keycloak-25.2.0
name: keycloak
namespace: keycloak
spec:
@@ -565,6 +570,7 @@ spec:
app.kubernetes.io/component: keycloak
app.kubernetes.io/instance: keycloak
app.kubernetes.io/name: keycloak
app.kubernetes.io/part-of: keycloak
---
apiVersion: policy/v1
kind: PodDisruptionBudget
@@ -574,8 +580,8 @@ metadata:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.4.0
helm.sh/chart: postgresql-16.6.6
app.kubernetes.io/version: 17.6.0
helm.sh/chart: postgresql-16.7.26
name: keycloak-postgresql
namespace: keycloak
spec:
@@ -594,8 +600,9 @@ metadata:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: keycloak
app.kubernetes.io/version: 26.2.5
helm.sh/chart: keycloak-24.7.3
app.kubernetes.io/part-of: keycloak
app.kubernetes.io/version: 26.3.3
helm.sh/chart: keycloak-25.2.0
name: keycloak
namespace: keycloak
spec:
@@ -603,13 +610,14 @@ spec:
- {}
ingress:
- ports:
- port: 7800
- port: 8080
- port: 7800
podSelector:
matchLabels:
app.kubernetes.io/component: keycloak
app.kubernetes.io/instance: keycloak
app.kubernetes.io/name: keycloak
app.kubernetes.io/part-of: keycloak
policyTypes:
- Ingress
- Egress
@@ -622,8 +630,8 @@ metadata:
app.kubernetes.io/instance: keycloak
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.4.0
helm.sh/chart: postgresql-16.6.6
app.kubernetes.io/version: 17.6.0
helm.sh/chart: postgresql-16.7.26
name: keycloak-postgresql
namespace: keycloak
spec: