--- apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/name: keycloak name: keycloak spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: keycloak template: metadata: labels: app.kubernetes.io/name: keycloak spec: imagePullSecrets: - name: harbor-pull-secret securityContext: {} containers: - securityContext: runAsUser: 1000 runAsNonRoot: true allowPrivilegeEscalation: False capabilities: drop: ["ALL"] envFrom: - configMapRef: name: keycloak-cm-envvars - secretRef: name: keycloak-secret-envvars env: - name: KC_DB_PASSWORD valueFrom: secretKeyRef: name: keycloak-admin.postgres-cluster.credentials.postgresql.acid.zalan.do key: password - name: KC_DB_USERNAME valueFrom: secretKeyRef: name: keycloak-admin.postgres-cluster.credentials.postgresql.acid.zalan.do key: username {{- if .Values.keycloak.image.debug }} - name: BITNAMI_DEBUG value: {{ ternary "true" "false" .Values.keycloak.image.debug | quote }} {{- end }} ports: - name: http containerPort: 8080 - name: https containerPort: 8443 {{- if .Values.keycloak.resources }} resources: {{- toYaml .Values.keycloak.resources | nindent 12 }} {{- end }} readinessProbe: httpGet: path: {{ .Values.keycloak.httpRelativePath }}realms/master port: http initialDelaySeconds: 30 periodSeconds: 1 timeoutSeconds: 5 failureThreshold: 3 successThreshold: 1 livenessProbe: httpGet: path: {{ .Values.keycloak.httpRelativePath }} port: http periodSeconds: 1 timeoutSeconds: 5 failureThreshold: 3 successThreshold: 1 startupProbe: httpGet: path: {{ .Values.keycloak.httpRelativePath }} port: http initialDelaySeconds: 30 periodSeconds: 5 timeoutSeconds: 1 failureThreshold: 60 successThreshold: 1 image: {{ .Values.keycloak.image.registry }}/{{ .Values.keycloak.image.repository }}:{{ .Values.keycloak.image.tag }} args: - "start" name: keycloak