forked from cloud/manifests
parent
671a3e1344
commit
c9ec56c3be
@ -0,0 +1,113 @@ |
||||
apiVersion: v1 |
||||
kind: PersistentVolumeClaim |
||||
metadata: |
||||
namespace: syscom |
||||
name: keycloak-spi-pvc |
||||
spec: |
||||
storageClassName: cloudstack-storage |
||||
accessModes: |
||||
- ReadWriteOnce |
||||
resources: |
||||
requests: |
||||
storage: 5Mi |
||||
--- |
||||
apiVersion: v1 |
||||
kind: ConfigMap |
||||
metadata: |
||||
namespace: syscom |
||||
name: keycloak-config |
||||
data: |
||||
DB_VENDOR: mysql |
||||
DB_ADDR: mariadb.cloud.csclub.uwaterloo.ca |
||||
DB_PORT: "3306" |
||||
DB_DATABASE: keycloak |
||||
--- |
||||
apiVersion: apps/v1 |
||||
kind: Deployment |
||||
metadata: |
||||
namespace: syscom |
||||
name: keycloak |
||||
labels: |
||||
app: keycloak |
||||
spec: |
||||
selector: |
||||
matchLabels: |
||||
app: keycloak |
||||
template: |
||||
metadata: |
||||
labels: |
||||
app: keycloak |
||||
spec: |
||||
containers: |
||||
- name: keycloak |
||||
image: quay.io/keycloak/keycloak:16.1.0 |
||||
volumeMounts: |
||||
- mountPath: "/opt/jboss/keycloak/standalone/deployments" |
||||
name: keycloak-spi-pv |
||||
subPath: keycloak-spi |
||||
ports: |
||||
- name: http |
||||
containerPort: 8080 |
||||
env: |
||||
- name: PROXY_ADDRESS_FORWARDING |
||||
value: "true" |
||||
- name: DB_VENDOR |
||||
valueFrom: |
||||
configMapKeyRef: {"name": "keycloak-config", "key": "DB_VENDOR"} |
||||
- name: DB_ADDR |
||||
valueFrom: |
||||
configMapKeyRef: {"name": "keycloak-config", "key": "DB_ADDR"} |
||||
- name: DB_PORT |
||||
valueFrom: |
||||
configMapKeyRef: {"name": "keycloak-config", "key": "DB_PORT"} |
||||
- name: DB_DATABASE |
||||
valueFrom: |
||||
configMapKeyRef: {"name": "keycloak-config", "key": "DB_DATABASE"} |
||||
# e.g. kubectl -n syscom create secret generic keycloak-secret --from-literal=DB_USER=user ... |
||||
- name: DB_USER |
||||
valueFrom: |
||||
secretKeyRef: {"name": "keycloak-secret", "key": "DB_USER"} |
||||
- name: DB_PASSWORD |
||||
valueFrom: |
||||
secretKeyRef: {"name": "keycloak-secret", "key": "DB_PASSWORD"} |
||||
- name: KEYCLOAK_USER |
||||
valueFrom: |
||||
secretKeyRef: {"name": "keycloak-secret", "key": "KEYCLOAK_USER"} |
||||
- name: KEYCLOAK_PASSWORD |
||||
valueFrom: |
||||
secretKeyRef: {"name": "keycloak-secret", "key": "KEYCLOAK_PASSWORD"} |
||||
volumes: |
||||
- name: keycloak-spi-pv |
||||
persistentVolumeClaim: |
||||
claimName: keycloak-spi-pvc |
||||
--- |
||||
apiVersion: v1 |
||||
kind: Service |
||||
metadata: |
||||
name: keycloak-service |
||||
namespace: syscom |
||||
spec: |
||||
selector: |
||||
app: keycloak |
||||
ports: |
||||
- protocol: TCP |
||||
port: 8080 |
||||
targetPort: 8080 |
||||
--- |
||||
apiVersion: networking.k8s.io/v1 |
||||
kind: Ingress |
||||
metadata: |
||||
name: keycloak-ingress |
||||
namespace: syscom |
||||
spec: |
||||
rules: |
||||
- host: keycloak.csclub.uwaterloo.ca |
||||
http: |
||||
paths: |
||||
- pathType: Prefix |
||||
path: / |
||||
backend: |
||||
service: |
||||
name: keycloak-service |
||||
port: |
||||
number: 8080 |
@ -0,0 +1,4 @@ |
||||
apiVersion: v1 |
||||
kind: Namespace |
||||
metadata: |
||||
name: syscom |
Loading…
Reference in new issue