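---
# Rendered Helm output for a Keycloak deployment in namespace `keycloak`:
# ServiceAccount, headless + HTTP Services, the Keycloak StatefulSet, a Helm
# test Job that pings the database, and a CloudNativePG `Cluster`.
# The documents below restore the block layout that was collapsed in the
# original listing. Security-relevant settings carry a review comment; lasting
# changes belong in the chart values, since this file is generated.
apiVersion: v1
# NOTE(review): every pod using this ServiceAccount gets an API token mounted.
# No Role/RoleBinding for it appears in this file and the cache stack below is
# jdbc-ping (discovery through the database), so Keycloak presumably never
# calls the Kubernetes API - set this to false in the chart values after
# confirming nothing else depends on the token.
automountServiceAccountToken: true
imagePullSecrets: []
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/instance: keycloak
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: keycloakx
    app.kubernetes.io/version: "26.4.0"
    helm.sh/chart: keycloakx-7.1.4
  name: keycloak-keycloakx
  namespace: keycloak
---
# Headless Service: gives the StatefulSet pods stable DNS names.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: headless
    app.kubernetes.io/instance: keycloak
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: keycloakx
    app.kubernetes.io/version: "26.4.0"
    helm.sh/chart: keycloakx-7.1.4
  name: keycloak-keycloakx-headless
  namespace: keycloak
spec:
  clusterIP: None
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
  selector:
    app.kubernetes.io/instance: keycloak
    app.kubernetes.io/name: keycloakx
  type: ClusterIP
---
# ClusterIP Service in front of the Keycloak pods.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: http
    app.kubernetes.io/instance: keycloak
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: keycloakx
    app.kubernetes.io/version: "26.4.0"
    helm.sh/chart: keycloakx-7.1.4
  name: keycloak-keycloakx-http
  namespace: keycloak
spec:
  ports:
    # NOTE(review): 9000 is the port the health probes below use, and metrics
    # are enabled too. Publishing it on the Service makes those endpoints
    # reachable from any workload that can reach this Service; keep it out of
    # the ingress and restrict it with a NetworkPolicy (none is in this file).
    - name: http-internal
      port: 9000
      protocol: TCP
      targetPort: http-internal
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
    # NOTE(review): no KC_HTTPS_* certificate settings appear in this manifest,
    # so this port presumably has no listener behind it - confirm or drop it.
    - name: https
      port: 8443
      protocol: TCP
      targetPort: https
  selector:
    app.kubernetes.io/instance: keycloak
    app.kubernetes.io/name: keycloakx
  type: ClusterIP
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app.kubernetes.io/instance: keycloak
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: keycloakx
    app.kubernetes.io/version: "26.4.0"
    helm.sh/chart: keycloakx-7.1.4
  name: keycloak-keycloakx
  namespace: keycloak
spec:
  podManagementPolicy: OrderedReady
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: keycloak
      app.kubernetes.io/name: keycloakx
  serviceName: keycloak-keycloakx-headless
  template:
    metadata:
      annotations:
        # Quoted so a digest can never be re-typed as a number by a parser.
        checksum/config-startup: "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
        checksum/secrets: "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a"
      labels:
        app.kubernetes.io/instance: keycloak
        app.kubernetes.io/name: keycloakx
    spec:
      affinity:
        podAntiAffinity:
          # Prefer spreading replicas across zones ...
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app.kubernetes.io/component
                      operator: NotIn
                      values:
                        - test
                  matchLabels:
                    app.kubernetes.io/instance: keycloak
                    app.kubernetes.io/name: keycloakx
                topologyKey: topology.kubernetes.io/zone
              weight: 100
          # ... and never place two replicas on the same node.
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/component
                    operator: NotIn
                    values:
                      - test
                matchLabels:
                  app.kubernetes.io/instance: keycloak
                  app.kubernetes.io/name: keycloakx
              topologyKey: kubernetes.io/hostname
      containers:
        - command:
            - /opt/keycloak/bin/kc.sh
            - start
            - --http-port=8080
            # Fixed public URL, so generated links do not depend on the
            # Host header of the incoming request.
            - --hostname=https://iam.borninpain.de
          env:
            - name: KC_HTTP_RELATIVE_PATH
              value: /
            - name: KC_CACHE
              value: ispn
            - name: KC_CACHE_STACK
              value: jdbc-ping
            # NOTE(review): with xforwarded, Keycloak trusts X-Forwarded-*
            # headers from whoever reaches port 8080. The reverse proxy must
            # overwrite (not append to) these headers, and the pods should
            # accept traffic only from that proxy (NetworkPolicy).
            - name: KC_PROXY_HEADERS
              value: xforwarded
            # NOTE(review): plain HTTP between proxy and pod - credentials and
            # tokens cross the cluster network unencrypted on this hop.
            - name: KC_HTTP_ENABLED
              value: "true"
            - name: KC_DB
              value: postgres
            - name: KC_DB_URL_HOST
              value: cnpg-keycloak-cluster-rw.keycloak.svc.cluster.local
            - name: KC_DB_URL_PORT
              value: "5432"
            - name: KC_DB_URL_DATABASE
              value: keycloak
            - name: KC_DB_USERNAME
              value: keycloak
            # The password is referenced from a Secret, not inlined.
            - name: KC_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: cnpg-keycloak-cluster-app
            - name: KC_METRICS_ENABLED
              value: "true"
            - name: KC_HEALTH_ENABLED
              value: "true"
          envFrom: null
          # NOTE(review): referenced by tag only; pin by digest
          # (image@sha256:<digest>) if the registry content must not change
          # underneath a running release.
          image: quay.io/keycloak/keycloak:26.4.0
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              path: /health/live
              port: http-internal
              scheme: HTTP
            initialDelaySeconds: 0
            timeoutSeconds: 5
          name: keycloak
          ports:
            - containerPort: 8080
              name: http
              protocol: TCP
            - containerPort: 9000
              name: http-internal
              protocol: TCP
            - containerPort: 8443
              name: https
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /health/ready
              port: http-internal
              scheme: HTTP
            initialDelaySeconds: 10
            timeoutSeconds: 1
          # NOTE(review): no requests or limits. The identity provider can be
          # starved by, or can starve, its neighbours on the node; set both in
          # the chart values.
          resources: {}
          securityContext:
            # Same setting the dbchecker init container in this pod carries.
            # Consider also dropping all capabilities and setting
            # seccompProfile.type: RuntimeDefault via the chart values.
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            runAsUser: 1000
          startupProbe:
            failureThreshold: 60
            httpGet:
              path: /health
              port: http-internal
              scheme: HTTP
            initialDelaySeconds: 15
            periodSeconds: 5
            timeoutSeconds: 1
          volumeMounts: null
      enableServiceLinks: true
      initContainers:
        # Blocks pod start until the database port accepts TCP connections.
        - command:
            - sh
            - -c
            - |
              echo 'Waiting for Database to become ready...'
              until printf "." && nc -z -w 2 cnpg-keycloak-cluster-rw.keycloak.svc.cluster.local 5432; do
                  sleep 2;
              done;
              echo 'Database OK ✓'
          # NOTE(review): old tag, not pinned by digest; check that it still
          # receives fixes.
          image: docker.io/busybox:1.32
          imagePullPolicy: IfNotPresent
          name: dbchecker
          resources:
            limits:
              cpu: 20m
              memory: 32Mi
            requests:
              cpu: 20m
              memory: 32Mi
          securityContext:
            allowPrivilegeEscalation: false
            runAsGroup: 1000
            runAsNonRoot: true
            runAsUser: 1000
      restartPolicy: Always
      securityContext:
        fsGroup: 1000
      serviceAccountName: keycloak-keycloakx
      terminationGracePeriodSeconds: 60
      volumes: null
  updateStrategy:
    type: RollingUpdate
---
# Helm test hook: connects to the database with the application credentials
# and runs `SELECT 1`.
apiVersion: batch/v1
kind: Job
metadata:
  annotations:
    helm.sh/hook: test
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    app.kubernetes.io/component: database-ping-test
  name: cnpg-keycloak-cluster-ping-test
  namespace: keycloak
spec:
  template:
    metadata:
      labels:
        app.kubernetes.io/component: database-ping-test
      name: cnpg-keycloak-cluster-ping-test
    spec:
      containers:
        # The password is handed to psql through PGPASSWORD instead of being
        # embedded in the connection URI: it stays out of the process argument
        # list and no longer breaks the URI when it contains characters such
        # as `@`, `/` or `:`.
        # NOTE(review): `apk add` downloads packages at test time, which needs
        # egress to the Alpine mirrors, and no securityContext is set, so the
        # container runs as the image's default user. An image that already
        # ships psql, pinned by digest and run as non-root, avoids both.
        - args:
            - -c
            - >-
              apk add postgresql-client &&
              PGPASSWORD="$PGPASS"
              psql "postgresql://$PGUSER@cnpg-keycloak-cluster-rw.keycloak.svc.cluster.local:5432/${PGDBNAME:-$PGUSER}"
              -c 'SELECT 1'
          command:
            - sh
          env:
            - name: PGUSER
              valueFrom:
                secretKeyRef:
                  key: username
                  name: cnpg-keycloak-cluster-app
            - name: PGPASS
              valueFrom:
                secretKeyRef:
                  key: password
                  name: cnpg-keycloak-cluster-app
            - name: PGDBNAME
              valueFrom:
                secretKeyRef:
                  key: dbname
                  name: cnpg-keycloak-cluster-app
                  optional: true
          # NOTE(review): old release line, tag only; check that it still
          # receives security updates.
          image: alpine:3.17
          name: alpine
      restartPolicy: Never
---
# CloudNativePG cluster backing Keycloak (three instances).
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  labels:
    app.kubernetes.io/instance: cnpg-keycloak
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: cluster
    app.kubernetes.io/part-of: cloudnative-pg
    helm.sh/chart: cluster-0.3.1
  name: cnpg-keycloak-cluster
  namespace: keycloak
spec:
  affinity:
    topologyKey: kubernetes.io/hostname
  bootstrap:
    initdb:
      database: keycloak
      owner: keycloak
  enablePDB: true
  # NOTE(review): enables password login for the `postgres` superuser, with
  # the credential kept in a Secret in this namespace. Keycloak connects as
  # the `keycloak` owner role (see KC_DB_USERNAME in the StatefulSet), so turn
  # this off unless an operational task needs network superuser access.
  enableSuperuserAccess: true
  # NOTE(review): floating major tag; pin a minor version or digest so
  # instances do not drift apart on restart.
  imageName: ghcr.io/cloudnative-pg/postgresql:17
  imagePullPolicy: IfNotPresent
  instances: 3
  logLevel: info
  monitoring:
    disableDefaultQueries: false
    enablePodMonitor: false
  postgresGID: 26
  postgresUID: 26
  postgresql: null
  primaryUpdateMethod: switchover
  primaryUpdateStrategy: unsupervised
  # NOTE(review): the storage class name suggests node-local hostPath volumes.
  # This manifest shows no backup section; confirm how the identity data is
  # backed up and whether the node disks are encrypted at rest.
  storage:
    size: 10Gi
    storageClass: openebs-hostpath
  walStorage:
    size: 1Gi
    storageClass: openebs-hostpath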