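# OpenShift Template that creates a Service, an edge-terminated Route and a
# single-replica DeploymentConfig running Keycloak in development mode.
# It is an example for trying Keycloak out: the server runs with `start-dev`,
# its data lives in an emptyDir, and the admin credentials are passed as
# plain environment values.
kind: Template
apiVersion: template.openshift.io/v1
metadata:
  name: keycloak
  annotations:
    description: An example template for trying out Keycloak on OpenShift
    iconClass: icon-sso
    openshift.io/display-name: Keycloak
    tags: keycloak
    # Quoted so the value is always read as a string.
    version: '26.0.5'
objects:
  # Cluster-internal HTTP endpoint in front of the Keycloak pod.
  - apiVersion: v1
    kind: Service
    metadata:
      annotations:
        description: The web server's http port.
      labels:
        application: '${APPLICATION_NAME}'
      name: '${APPLICATION_NAME}'
    spec:
      ports:
        - port: 8080
          targetPort: 8080
      selector:
        deploymentConfig: '${APPLICATION_NAME}'
  # External entry point. TLS ends at the router (edge termination); the hop
  # from the router to the pod on port 8080 is plain HTTP.
  - apiVersion: v1
    id: '${APPLICATION_NAME}'
    kind: Route
    metadata:
      annotations:
        description: Route for application's service.
      labels:
        application: '${APPLICATION_NAME}'
      name: '${APPLICATION_NAME}'
    spec:
      host: '${HOSTNAME}'
      tls:
        termination: edge
      to:
        name: '${APPLICATION_NAME}'
  - apiVersion: v1
    kind: DeploymentConfig
    metadata:
      labels:
        application: '${APPLICATION_NAME}'
      name: '${APPLICATION_NAME}'
    spec:
      replicas: 1
      selector:
        deploymentConfig: '${APPLICATION_NAME}'
      strategy:
        type: Recreate
      template:
        metadata:
          labels:
            application: '${APPLICATION_NAME}'
            deploymentConfig: '${APPLICATION_NAME}'
          name: '${APPLICATION_NAME}'
        spec:
          containers:
            - env:
                # The admin credentials are stored in clear text in the
                # DeploymentConfig spec, so anyone who can read that object
                # can read the admin password. Beyond a trial deployment,
                # keep them in a Secret and reference it through
                # valueFrom.secretKeyRef.
                # NOTE(review): Keycloak 26 documents
                # KC_BOOTSTRAP_ADMIN_USERNAME / KC_BOOTSTRAP_ADMIN_PASSWORD
                # as the replacements for these two variable names - confirm
                # before the old names stop being honoured.
                - name: KEYCLOAK_ADMIN
                  value: '${KEYCLOAK_ADMIN}'
                - name: KEYCLOAK_ADMIN_PASSWORD
                  value: '${KEYCLOAK_ADMIN_PASSWORD}'
                # Keycloak is told it sits behind a TLS-terminating proxy and
                # takes the client address and scheme from the Forwarded
                # header. That is only trustworthy for requests that arrive
                # through the router; a client reaching port 8080 directly
                # can supply the header itself.
                - name: KC_PROXY
                  value: 'edge'
                - name: KC_PROXY_HEADERS
                  value: 'forwarded'
              # Pinned by tag. A tag can be re-pointed; pin by digest where
              # image provenance matters.
              image: quay.io/keycloak/keycloak:26.0.5
              livenessProbe:
                # The container is restarted only after 100 consecutive
                # failed checks.
                failureThreshold: 100
                httpGet:
                  path: /
                  port: 8080
                  scheme: HTTP
                initialDelaySeconds: 60
              name: '${APPLICATION_NAME}'
              ports:
                - containerPort: 8080
                  protocol: TCP
              readinessProbe:
                failureThreshold: 300
                httpGet:
                  path: /
                  port: 8080
                  scheme: HTTP
                initialDelaySeconds: 30
              securityContext:
                privileged: false
              volumeMounts:
                - mountPath: /opt/keycloak/data
                  name: empty
              # Development mode: intended for trying Keycloak out, not for
              # production use.
              args: ["start-dev"]
          volumes:
            # emptyDir contents are discarded when the pod is removed, so
            # everything under /opt/keycloak/data is lost on redeploy.
            - name: empty
              emptyDir: {}
      triggers:
        - type: ConfigChange
parameters:
  - name: APPLICATION_NAME
    displayName: Application Name
    description: The name for the application.
    value: keycloak
    required: true
  - name: KEYCLOAK_ADMIN
    displayName: Keycloak Administrator Username
    description: Keycloak Server administrator username
    generate: expression
    from: '[a-zA-Z0-9]{8}'
    required: true
  - name: KEYCLOAK_ADMIN_PASSWORD
    displayName: Keycloak Administrator Password
    description: Keycloak Server administrator password
    generate: expression
    # Used only when the caller supplies no value. 32 characters rather than
    # 8: this account administers the identity provider, and its login page
    # is exposed through the Route.
    from: '[a-zA-Z0-9]{32}'
    required: true
  - name: HOSTNAME
    displayName: Custom Route Hostname
    description: >-
      Custom hostname for the service route. Leave blank for default hostname,
      e.g.: <application-name>-<namespace>.<default-domain-suffix>
  # NOTE(review): no object in this template references ${NAMESPACE}, yet the
  # parameter is required and has neither a default nor a generator, so it
  # presumably must be supplied on every instantiation - confirm whether it
  # can be made optional or removed.
  - name: NAMESPACE
    displayName: Namespace used for DNS discovery
    description: >-
      This namespace is a part of DNS query sent to Kubernetes API. This query
      allows the DNS_PING protocol to extract cluster members. This parameter
      might be removed once https://issues.jboss.org/browse/JGRP-2292 is
      implemented.
    required: true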