Initial upload

otc/ABC/stacks/ref-implementation/keycloak/manifests/install.yaml

@@ -0,0 +1,163 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: keycloak
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: keycloak
+  labels:
+    app: keycloak
+spec:
+  ports:
+    - name: http
+      port: 8080
+      targetPort: 8080
+  selector:
+    app: keycloak
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: keycloak
+  name: keycloak
+  namespace: keycloak
+  annotations:
+    argocd.argoproj.io/sync-wave: "10"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: keycloak
+  template:
+    metadata:
+      labels:
+        app: keycloak
+    spec:
+      containers:
+        - args:
+            - start-dev
+          env:
+            - name: KEYCLOAK_ADMIN
+              value: cnoe-admin
+            - name: KEYCLOAK_LOGLEVEL
+              value: ALL
+            - name: QUARKUS_TRANSACTION_MANAGER_ENABLE_RECOVERY
+              value: 'true'
+          envFrom:
+            - secretRef:
+                name: keycloak-config
+          image: quay.io/keycloak/keycloak:22.0.3
+          name: keycloak
+          ports:
+            - containerPort: 8080
+              name: http
+          readinessProbe:
+            httpGet:
+              path: /keycloak/realms/master
+              port: 8080
+          volumeMounts:
+            - mountPath: /opt/keycloak/conf
+              name: keycloak-config
+              readOnly: true
+      volumes:
+        - configMap:
+            name: keycloak-config
+          name: keycloak-config
+---
+apiVersion: v1
+data:
+  keycloak.conf: |
+    # Database
+    # The database vendor.
+    db=postgres
+    
+    # The username of the database user.
+    db-url=jdbc:postgresql://postgresql.keycloak.svc.cluster.local:5432/postgres
+
+    # The proxy address forwarding mode if the server is behind a reverse proxy.
+    proxy=edge
+    
+    # hostname configuration
+    hostname=ABC
+    http-relative-path=keycloak
+    
+    # the admin url requires its own configuration to reflect correct url
+    
+    hostname-debug=true
+    
+    # this should only be allowed in development. NEVER in production.
+    hostname-strict=false
+    hostname-strict-backchannel=false
+    
+
+kind: ConfigMap
+metadata:
+  name: keycloak-config
+  namespace: keycloak
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: postgresql
+  name: postgresql
+  namespace: keycloak
+spec:
+  clusterIP: None
+  ports:
+    - name: postgres
+      port: 5432
+  selector:
+    app: postgresql
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app: postgresql
+  name: postgresql
+  namespace: keycloak
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: postgresql
+  serviceName: service-postgresql
+  template:
+    metadata:
+      labels:
+        app: postgresql
+    spec:
+      containers:
+        - envFrom:
+            - secretRef:
+                name: keycloak-config
+          image: docker.io/library/postgres:15.3-alpine3.18
+          name: postgres
+          ports:
+            - containerPort: 5432
+              name: postgresdb
+          resources:
+            limits:
+              memory: 500Mi
+            requests:
+              cpu: 100m
+              memory: 300Mi
+          volumeMounts:
+            - name: data
+              mountPath: /var/lib/postgresql/data
+              subPath: postgres
+  volumeClaimTemplates:
+  - metadata:
+      name: data
+    spec:
+      accessModes: ["ReadWriteOnce"]
+      resources:
+        requests:
+          storage: "500Mi"
+