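---
# Development Keycloak stack for sso.dev.essocode.ru:
# Namespace, Secret (container environment), Service, Deployment, Ingress.
apiVersion: v1
kind: Namespace
metadata:
  name: keycloak-dev
---
# Environment for the Keycloak container; every key below is injected into
# the Deployment through a secretKeyRef of the same name.
#
# NOTE(review): `data` values are base64-encoded, not encrypted. Anyone who
# can read this manifest can recover the database and admin credentials, so
# treat them as exposed once the file is committed: rotate them and supply
# this Secret out of band (sealed/external secret tooling) instead of from
# the manifest.
# NOTE(review): DB_USER/DB_PASSWORD and KEYCLOAK_USER/KEYCLOAK_PASSWORD decode
# to short, default-looking values. Replace them with generated ones and give
# Keycloak a dedicated, least-privileged database role.
# NOTE(review): only the credential keys are sensitive. The rest (TZ, DB_*
# connection settings, KEYCLOAK_HOST/PORT, *_URL, KC_*) is plain configuration
# and could move to a ConfigMap so that access to Secrets stays narrow.
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: keycloak-back-cred
  namespace: keycloak-dev
data:
  KEYCLOAK_FRONTEND_URL: aHR0cHM6Ly9zc28uZGV2LmVzc29jb2RlLnJ1L2F1dGg=
  TZ: RXVyb3BlL01vc2Nvdw==
  DB_VENDOR: UE9TVEdSRVM=
  # NOTE(review): decodes to a literal IP address rather than an in-cluster
  # Service name. If that path leaves the cluster network, confirm the
  # PostgreSQL connection is TLS-protected and that the database only accepts
  # this cluster's egress addresses.
  DB_ADDR: MjE3Ljc5LjIyLjQ2
  DB_PORT: NTQzMg==
  DB_DATABASE: a2V5Y2xvYWtfZGI=
  DB_USER: cm9vdA==
  DB_PASSWORD: cm9vdA==
  KEYCLOAK_USER: YWRtaW4=
  KEYCLOAK_PASSWORD: YWRtaW5fcGFzc3dvcmQ=
  KEYCLOAK_PORT: ODA4MA==
  KEYCLOAK_HOST: bG9jYWxob3N0
  KC_HOSTNAME: c3NvLmRldi5lc3NvY29kZS5ydQ==
  KC_HOSTNAME_ADMIN_URL: aHR0cHM6Ly9zc28uZGV2LmVzc29jb2RlLnJ1L2F1dGgvYWRtaW4=
  KC_HOSTNAME_URL: aHR0cHM6Ly9zc28uZGV2LmVzc29jb2RlLnJ1L2F1dGg=
  KC_PROXY: ZWRnZQ==
---
# Cluster-internal Service (no `type` set, so ClusterIP) in front of the pods
# labelled app=keycloak; the Ingress at the end of this file is the only
# external entry point defined here.
apiVersion: v1
kind: Service
metadata:
  name: keycloak
  namespace: keycloak-dev
spec:
  ports:
    - port: 8080
      targetPort: 8080
  selector:
    app: keycloak
---
# Single-replica Keycloak Deployment configured entirely from the
# keycloak-back-cred Secret.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: keycloak-dev
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          # NOTE(review): `legacy` is a floating tag, and with IfNotPresent a
          # node keeps whatever build it pulled first, so the running image is
          # not reproducible. Pin a version or digest, e.g.
          # quay.io/keycloak/keycloak@sha256:<digest-placeholder>.
          # NOTE(review): `legacy` is presumably the WildFly-based
          # distribution, which upstream has retired; confirm it still
          # receives security fixes before exposing it on a public host.
          image: quay.io/keycloak/keycloak:legacy
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8080
          # The container listens on an unprivileged port, so it needs no
          # Linux capabilities and no privilege escalation.
          # NOTE(review): runAsNonRoot, resource limits and readiness/liveness
          # probes are also absent; add them once the image's user and
          # health endpoint are confirmed.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          env:
            - name: TZ
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: TZ
            - name: DB_VENDOR
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: DB_VENDOR
            - name: DB_ADDR
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: DB_ADDR
            - name: DB_PORT
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: DB_PORT
            - name: DB_DATABASE
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: DB_DATABASE
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: DB_USER
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: DB_PASSWORD
            - name: KEYCLOAK_USER
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: KEYCLOAK_USER
            - name: KEYCLOAK_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: KEYCLOAK_PASSWORD
            - name: KEYCLOAK_PORT
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: KEYCLOAK_PORT
            - name: KEYCLOAK_HOST
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: KEYCLOAK_HOST
            - name: KEYCLOAK_FRONTEND_URL
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: KEYCLOAK_FRONTEND_URL
            # NOTE(review): the KC_* variables follow the naming of the
            # Quarkus-based distribution. If `legacy` is the WildFly image
            # they are presumably ignored, in which case KC_PROXY does not
            # enable forwarded-header handling behind the ingress (the legacy
            # image uses PROXY_ADDRESS_FORWARDING for that). Verify against
            # the image actually deployed.
            - name: KC_HOSTNAME
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: KC_HOSTNAME
            - name: KC_HOSTNAME_URL
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: KC_HOSTNAME_URL
            - name: KC_HOSTNAME_ADMIN_URL
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: KC_HOSTNAME_ADMIN_URL
            - name: KC_PROXY
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: KC_PROXY
---
# TLS-terminating Ingress for sso.dev.essocode.ru; the certificate is issued
# by cert-manager into the keycloak-tls Secret.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak-ingress
  namespace: keycloak-dev
  annotations:
    # NOTE(review): this annotation is deprecated in favour of
    # spec.ingressClassName; switch once the cluster's IngressClass name is
    # confirmed.
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
    cert-manager.io/issue-temporary-certificate: "true"
    acme.cert-manager.io/http01-edit-in-place: "true"
    # Uses the nginx.ingress.kubernetes.io/ prefix that ingress-nginx reads by
    # default; the un-prefixed form is not picked up by that controller unless
    # its annotation prefix was changed.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # NOTE(review): `additional-headers` does not look like an annotation
    # ingress-nginx recognises, so as written no Content-Security-Policy
    # header is likely being added at the ingress. Confirm against the
    # controller's documentation and set the header where it takes effect.
    nginx.ingress.kubernetes.io/additional-headers: Content-Security-Policy
spec:
  rules:
    - host: sso.dev.essocode.ru
      http:
        paths:
          # NOTE(review): a `/` prefix publishes every Keycloak path on this
          # host, including the admin console that KC_HOSTNAME_ADMIN_URL
          # places under the same hostname. Restrict the admin paths to
          # trusted sources (for example with
          # nginx.ingress.kubernetes.io/whitelist-source-range on a separate
          # Ingress) if the host is reachable from the internet.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: keycloak
                port:
                  number: 8080
  tls:
    - hosts:
        - sso.dev.essocode.ru
      secretName: keycloak-tls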