---
# Namespace that holds every Keycloak dev object defined in this file
# (Secret, Service, Deployment, Ingress).
# NOTE(review): no Pod Security Admission labels are set, so pods here are
# held to whatever the cluster-wide default is. A non-blocking
# `pod-security.kubernetes.io/warn: restricted` label would surface weak pod
# specs at apply time.
apiVersion: v1
kind: Namespace
metadata:
  name: keycloak-dev
---
# Environment for the Keycloak container. The keycloak Deployment reads each
# key individually through secretKeyRef, so key names here must match the
# `key:` fields there.
#
# NOTE(review): `data` values are base64-encoded, not encrypted. Because the
# values are committed alongside the manifests, anyone who can read this file
# can recover the database and admin-console credentials. Treat DB_PASSWORD
# and KEYCLOAK_PASSWORD as disclosed: rotate them and deliver the real values
# out of band (Sealed Secrets, External Secrets Operator, SOPS, ...) instead
# of storing them in version control.
apiVersion: v1
kind: Secret
metadata:
  name: keycloak-back-cred
  namespace: keycloak-dev
type: Opaque
data:
  # Public-facing URL / hostname settings. These, TZ, DB_VENDOR and the port
  # numbers are not secret; a ConfigMap would keep the Secret limited to
  # material that actually needs protecting.
  KEYCLOAK_FRONTEND_URL: aHR0cHM6Ly9zc28uZGV2LmVzc29jb2RlLnJ1L2F1dGg=
  TZ: RXVyb3BlL01vc2Nvdw==
  DB_VENDOR: UE9TVEdSRVM=
  # NOTE(review): decodes to a literal IPv4 address rather than an in-cluster
  # Service name. Confirm the database listener is not reachable from the
  # internet and that the connection is TLS-protected.
  DB_ADDR: MjE3Ljc5LjIyLjQ2
  DB_PORT: NTQzMg==
  DB_DATABASE: a2V5Y2xvYWtfZGI=
  # NOTE(review): DB_USER and DB_PASSWORD carry the same encoded string, so
  # the password equals the account name, and that name is the conventional
  # superuser one. Give Keycloak a dedicated least-privilege database role
  # with a generated password.
  DB_USER: cm9vdA==
  DB_PASSWORD: cm9vdA==
  # Bootstrap admin account for the Keycloak console.
  # NOTE(review): the password is a guessable dictionary-style value; replace
  # it with a generated one before the ingress is reachable.
  KEYCLOAK_USER: YWRtaW4=
  KEYCLOAK_PASSWORD: YWRtaW5fcGFzc3dvcmQ=
  KEYCLOAK_PORT: ODA4MA==
  KEYCLOAK_HOST: bG9jYWxob3N0
  KC_HOSTNAME: c3NvLmRldi5lc3NvY29kZS5ydQ==
  KC_HOSTNAME_ADMIN_URL: aHR0cHM6Ly9zc28uZGV2LmVzc29jb2RlLnJ1L2F1dGgvYWRtaW4=
  KC_HOSTNAME_URL: aHR0cHM6Ly9zc28uZGV2LmVzc29jb2RlLnJ1L2F1dGg=
  KC_PROXY: ZWRnZQ==
---
# In-cluster Service in front of the Keycloak pods (selected by the
# `app: keycloak` label). No `type` is given, so it is not exposed outside
# the cluster by itself; external traffic arrives through keycloak-ingress.
# The port carries plain HTTP on 8080, with TLS terminated at the ingress.
apiVersion: v1
kind: Service
metadata:
  name: keycloak
  namespace: keycloak-dev
spec:
  selector:
    app: keycloak
  ports:
    - port: 8080
      targetPort: 8080
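---
# Single-replica Keycloak for the dev namespace. All configuration is injected
# as environment variables, each read from one key of the keycloak-back-cred
# Secret; a missing key keeps the container from starting.
#
# NOTE(review): there are no resource requests/limits and no readiness or
# liveness probes, so the Service may route to a pod that is still booting
# and the pod is unbounded in memory and CPU.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: keycloak-dev
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          # NOTE(review): `legacy` is a mutable tag, and with IfNotPresent a
          # node keeps whatever build it pulled first, so the running image is
          # neither reproducible nor guaranteed to be patched. Pin a digest
          # (quay.io/keycloak/keycloak@sha256:<digest-placeholder>) and plan a
          # move off the legacy distribution.
          image: quay.io/keycloak/keycloak:legacy
          imagePullPolicy: IfNotPresent
          # Hardening added in review: the original container ran with the
          # runtime's default privileges. Keycloak listens on an unprivileged
          # port, so it needs no Linux capabilities and no privilege
          # escalation.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          ports:
            - containerPort: 8080
          env:
            - name: TZ
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: TZ
            # Database connection settings.
            - name: DB_VENDOR
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: DB_VENDOR
            - name: DB_ADDR
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: DB_ADDR
            - name: DB_PORT
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: DB_PORT
            - name: DB_DATABASE
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: DB_DATABASE
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: DB_USER
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: DB_PASSWORD
            # Bootstrap admin account. Environment variables are readable by
            # anything that can inspect the pod or exec into it.
            - name: KEYCLOAK_USER
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: KEYCLOAK_USER
            - name: KEYCLOAK_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: KEYCLOAK_PASSWORD
            - name: KEYCLOAK_PORT
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: KEYCLOAK_PORT
            - name: KEYCLOAK_HOST
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: KEYCLOAK_HOST
            - name: KEYCLOAK_FRONTEND_URL
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: KEYCLOAK_FRONTEND_URL
            # NOTE(review): the KC_* names belong to the newer Quarkus-based
            # Keycloak distribution. The legacy image is not expected to read
            # them, so hostname and proxy handling may not be what this block
            # suggests. Confirm against the image in use.
            - name: KC_HOSTNAME
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: KC_HOSTNAME
            - name: KC_HOSTNAME_URL
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: KC_HOSTNAME_URL
            - name: KC_HOSTNAME_ADMIN_URL
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: KC_HOSTNAME_ADMIN_URL
            - name: KC_PROXY
              valueFrom:
                secretKeyRef:
                  name: keycloak-back-cred
                  key: KC_PROXY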
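---
# Publishes the keycloak Service at https://sso.dev.essocode.ru through the
# nginx ingress controller. cert-manager requests the certificate from the
# letsencrypt-prod ClusterIssuer and stores it in the keycloak-tls Secret.
#
# NOTE(review): the single `/` Prefix rule forwards every path to Keycloak,
# which includes the admin console. Consider limiting who can reach the admin
# paths, for example with a separate Ingress carrying
# `nginx.ingress.kubernetes.io/whitelist-source-range`.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak-ingress
  namespace: keycloak-dev
  annotations:
    # Deprecated way of selecting the controller; `spec.ingressClassName` is
    # the current field. Left as is so controller selection does not change.
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
    cert-manager.io/issue-temporary-certificate: "true"
    acme.cert-manager.io/http01-edit-in-place: "true"
    # Fixed in review: the key was `ingress.kubernetes.io/ssl-redirect`, which
    # ingress-nginx ignores under its default annotation prefix, so the
    # HTTP-to-HTTPS redirect relied on the controller default rather than on
    # this manifest.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # NOTE(review): `additional-headers` does not appear to be an annotation
    # ingress-nginx recognises, so this line probably adds no
    # Content-Security-Policy header at all. Confirm with a response-header
    # check and set the header through a mechanism the controller supports.
    nginx.ingress.kubernetes.io/additional-headers: Content-Security-Policy
spec:
  rules:
    - host: sso.dev.essocode.ru
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: keycloak
                port:
                  number: 8080
  tls:
    - hosts:
        - sso.dev.essocode.ru
      secretName: keycloak-tls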