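# Keycloak custom resource for the Keycloak operator. This file is a template:
# the {{ .Env.* }} placeholders are substituted before the result is parsed as
# YAML, so templated scalars are quoted to keep an empty or boolean-looking
# value from changing type after rendering.
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
  name: keycloak
  namespace: "{{ .Env.KEYCLOAK_NAMESPACE }}"
spec:
  instances: 1
  # NOTE(review): the image is referenced by mutable tag only. Pinning by digest
  # (quay.io/keycloak/keycloak@sha256:<digest>) makes the deployed image
  # reproducible and keeps a re-pushed tag from changing what runs.
  image: quay.io/keycloak/keycloak:26.3.4
  startOptimized: false

  # Database configuration for external PostgreSQL
  # Credentials are read from the `database-config` Secret, not inlined here.
  db:
    vendor: postgres
    host: postgres-cluster-rw.postgres
    port: 5432
    database: keycloak
    usernameSecret:
      name: database-config
      key: user
    passwordSecret:
      name: database-config
      key: password

  # Hostname configuration
  # NOTE(review): an explicit hostname is set, so relaxing strict checking
  # should not be needed. With strict disabled Keycloak may derive URLs
  # (issuer, e-mail links) from request headers; prefer `strict: true` unless a
  # concrete client depends on the dynamic behaviour.
  # NOTE(review): `strictBackchannel` looks like a legacy (hostname v1) field;
  # confirm the CRD shipped with this operator version still honours it.
  hostname:
    hostname: "{{ .Env.KEYCLOAK_HOST }}"
    strict: false
    strictBackchannel: false

  # HTTP configuration
  # Plain HTTP is enabled because TLS terminates at the ingress proxy; traffic
  # between the proxy and the pod on 8080 is therefore unencrypted in-cluster.
  http:
    httpEnabled: true
    httpPort: 8080
    httpsPort: 8443

  # Proxy configuration for edge proxy
  # X-Forwarded-* headers are trusted by the server. Only the ingress controller
  # should be able to reach the Keycloak pods (e.g. via a NetworkPolicy), and
  # the proxy must overwrite these headers instead of passing client-supplied
  # values through.
  proxy:
    headers: xforwarded

  # Additional options and admin configuration
  # NOTE(review): `http-enabled` and `hostname-strict` repeat the first-class
  # fields above (spec.http.httpEnabled, spec.hostname.strict); keep one source
  # of truth. `hostname-strict-https` and `proxy` appear to be options from
  # older releases that were superseded by spec.hostname / spec.proxy.headers;
  # verify they are still recognised by the 26.x server and drop them if not.
  additionalOptions:
    - name: http-enabled
      value: "true"
    - name: hostname-strict
      value: "false"
    - name: hostname-strict-https
      value: "false"
    - name: proxy
      value: edge

  # Bootstrap admin configuration
  # The bootstrap account is meant for initial setup: create a permanent admin
  # with MFA, then remove the bootstrap user and rotate or delete this Secret.
  bootstrapAdmin:
    user:
      secret: keycloak-bootstrap-admin

  # Resources
  resources:
    requests:
      memory: "1.5Gi"
      cpu: "500m"
    limits:
      memory: "2Gi"
      cpu: "1000m"

  # Ingress configuration (disabled - using separate Ingress resource)
  ingress:
    enabled: false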
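---
# Separate Ingress resource for custom configuration
# Terminates TLS at Traefik (certificate from the `keycloak-tls` Secret) and
# forwards to the operator-managed Service over plain HTTP on port 8080.
# Templated values are quoted so the rendered YAML always yields strings.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak-ingress
  namespace: "{{ .Env.KEYCLOAK_NAMESPACE }}"
  annotations:
    # NOTE(review): this annotation is the deprecated way to select a class and
    # duplicates spec.ingressClassName below; one of the two is enough.
    kubernetes.io/ingress.class: traefik
    # Route only on the TLS entrypoint so the host is not served over plain HTTP.
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
  ingressClassName: traefik
  tls:
    - hosts:
        - "{{ .Env.KEYCLOAK_HOST }}"
      secretName: keycloak-tls
  rules:
    - host: "{{ .Env.KEYCLOAK_HOST }}"
      http:
        paths:
          # NOTE(review): a `/` prefix publishes every Keycloak path on this
          # host, including the admin console and admin REST API. If this host
          # is internet-facing, consider routing only the paths clients need
          # (e.g. /realms/, /resources/) and serving /admin/ from a restricted
          # hostname or network.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: keycloak-service
                port:
                  number: 8080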