prodwork01-mobene-keycloak/templates/keycloak/deployment_keycloak.yaml

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/name: keycloak
  name: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: keycloak 
  template:
    metadata:
      labels:
        app.kubernetes.io/name: keycloak
    spec:
      imagePullSecrets:
        - name: harbor-pull-secret
      securityContext: {}
      containers:
        - 
          securityContext:
            runAsUser: 1000
            runAsNonRoot: true
            allowPrivilegeEscalation: False
            capabilities:
              drop: ["ALL"]
          envFrom:
            - configMapRef:
                name: keycloak-cm-envvars 
            - secretRef:
                name: keycloak-secret-envvars
          env:
            - name: KC_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-admin.postgres-cluster.credentials.postgresql.acid.zalan.do
                  key: password
            - name: KC_DB_USERNAME
              valueFrom:
                secretKeyRef:
                  name: keycloak-admin.postgres-cluster.credentials.postgresql.acid.zalan.do
                  key: username
            {{- if .Values.keycloak.image.debug }}
            - name: BITNAMI_DEBUG
              value: {{ ternary "true" "false" .Values.keycloak.image.debug | quote }}
            {{- end }}
          ports:
          - name: http
            containerPort: 8080
          - name: https
            containerPort: 8443
          {{- if .Values.keycloak.resources }}
          resources: {{- toYaml .Values.keycloak.resources | nindent 12 }}
          {{- end }}
          readinessProbe:
            httpGet:
              path: {{ .Values.keycloak.httpRelativePath }}realms/master
              port: http
            initialDelaySeconds: 30
            periodSeconds: 1
            timeoutSeconds: 5
            failureThreshold: 3
            successThreshold: 1
          livenessProbe:
            httpGet:
              path: {{ .Values.keycloak.httpRelativePath }}
              port: http
            periodSeconds: 1
            timeoutSeconds: 5
            failureThreshold: 3
            successThreshold: 1
          startupProbe:
            httpGet:
              path: {{ .Values.keycloak.httpRelativePath }}
              port: http
            initialDelaySeconds: 30
            periodSeconds: 5
            timeoutSeconds: 1
            failureThreshold: 60
            successThreshold: 1
          image: {{ .Values.keycloak.image.registry }}/{{ .Values.keycloak.image.repository }}:{{ .Values.keycloak.image.tag }}
          args:
          - "start"
          name: keycloak