# Helm template for the Red Hat SSO 7.6 (Keycloak) workload. It renders four
# resources into the namespace given by .Values.projectName:
#   1. Service "sso"       - HTTPS front door on 8443
#   2. Service "sso-ping"  - headless Service used for JGroups DNS_PING discovery
#   3. Route "sso"         - re-encrypting OpenShift Route on .Values.sso.hostname
#   4. Deployment "sso"    - the single-replica Keycloak pod
# All four carry argocd.argoproj.io/sync-wave "10", so Argo CD applies them in
# the same wave.
#
# NOTE(review): comments in a Helm template are emitted verbatim into the
# rendered manifest; keep template delimiters out of them.
apiVersion: v1
kind: Service
metadata:
  annotations:
    argocd.argoproj.io/sync-wave: "10"
    # Asks the OpenShift service CA to issue a serving certificate into the
    # named Secret; the Deployment below mounts it at /etc/x509/https.
    # NOTE(review): the "alpha" form of this annotation is the legacy spelling;
    # OpenShift 4 documents service.beta.openshift.io/serving-cert-secret-name.
    # Confirm which one the target cluster expects before changing it.
    service.alpha.openshift.io/serving-cert-secret-name: sso-x509-https-secret
  labels:
    app.kubernetes.io/name: sso
    app.kubernetes.io/version: '7.6.0.GA'
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/instance: keycloak
  name: sso
  namespace: {{ .Values.projectName | quote }}
spec:
  # Only the TLS port is published; the pod's plain-HTTP 8080 and Jolokia 8778
  # ports are not reachable through this Service.
  ports:
    - port: 8443
      targetPort: 8443
  selector:
    app.kubernetes.io/name: sso
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/instance: keycloak
---
apiVersion: v1
kind: Service
metadata:
  annotations:
    argocd.argoproj.io/sync-wave: "10"
    # Second serving certificate, mounted by the pod at /etc/x509/jgroups.
    service.alpha.openshift.io/serving-cert-secret-name: sso-x509-jgroups-secret
  labels:
    app.kubernetes.io/name: sso
    app.kubernetes.io/version: '7.6.0.GA'
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/instance: keycloak
  name: sso-ping
  namespace: {{ .Values.projectName | quote }}
spec:
  # Headless Service: DNS returns the pod IPs directly, which is what the
  # openshift.DNS_PING protocol configured in the Deployment queries.
  clusterIP: None
  ports:
    - name: ping
      port: 8888
  # Pods are listed before they pass readiness so cluster members can find each
  # other while still starting.
  # NOTE(review): nothing in this file restricts who may connect to 8888;
  # presumably a NetworkPolicy elsewhere limits it to the sso pods - verify.
  publishNotReadyAddresses: true
  selector:
    app.kubernetes.io/name: sso
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/instance: keycloak
---
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  annotations:
    argocd.argoproj.io/sync-wave: "10"
  labels:
    app.kubernetes.io/name: sso
    app.kubernetes.io/version: '7.6.0.GA'
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/instance: keycloak
  name: sso
  namespace: {{ .Values.projectName | quote }}
spec:
  host: {{ .Values.sso.hostname | quote }}
  tls:
    # TLS is terminated at the router and a new TLS session is opened to the
    # pod, so traffic is encrypted on both legs.
    # NOTE(review): no destinationCACertificate and no
    # insecureEdgeTerminationPolicy are set; backend verification and plain-HTTP
    # handling therefore follow the router defaults - confirm these match the
    # intended policy for an identity provider endpoint.
    termination: reencrypt
  to:
    kind: Service
    name: sso
---
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    argocd.argoproj.io/sync-wave: "10"
  labels:
    app.kubernetes.io/name: sso
    app.kubernetes.io/version: '7.6.0.GA'
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/instance: keycloak
  name: sso
  namespace: {{ .Values.projectName | quote }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: sso
      app.kubernetes.io/component: keycloak
      app.kubernetes.io/instance: keycloak
  template:
    metadata:
      labels:
        app.kubernetes.io/name: sso
        app.kubernetes.io/component: keycloak
        app.kubernetes.io/instance: keycloak
    spec:
      # NOTE(review): no pod- or container-level securityContext is declared;
      # the effective restrictions come entirely from whatever SCC the
      # namespace's service account is admitted under - verify.
      containers:
        - env:
            - name: SSO_HOSTNAME
              value: {{ .Values.sso.hostname | quote }}
            # --- PostgreSQL datasource wiring ---
            - name: DB_SERVICE_PREFIX_MAPPING
              value: sso-postgresql=DB
            - name: SSO_POSTGRESQL_SERVICE_HOST
              value: postgresql-server
            - name: SSO_POSTGRESQL_SERVICE_PORT
              value: "5432"
            - name: DB_JNDI
              value: java:jboss/datasources/KeycloakDS
            - name: DB_USERNAME
              value: sso
            # Database password is read from the demo-seed Secret rather than
            # being written into the manifest.
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: demo-seed
                  key: sso-database-password
            - name: DB_DATABASE
              value: sso
            - name: TX_DATABASE_PREFIX_MAPPING
              value: sso-postgresql=DB
            # Declared without a value, so each renders as an empty variable;
            # presumably the image falls back to its own defaults - TODO confirm.
            - name: DB_MIN_POOL_SIZE
            - name: DB_MAX_POOL_SIZE
            - name: DB_TX_ISOLATION
            # --- JGroups clustering ---
            - name: JGROUPS_PING_PROTOCOL
              value: openshift.DNS_PING
            - name: OPENSHIFT_DNS_PING_SERVICE_NAME
              value: sso-ping
            - name: OPENSHIFT_DNS_PING_SERVICE_PORT
              value: "8888"
            # Two CA bundle paths, separated by a single space.
            - name: X509_CA_BUNDLE
              value: >-
                /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
                /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
            # NOTE(review): SECURITY - this credential is a literal in the
            # template. It is visible to anyone who can read the repository, the
            # rendered chart, or the Deployment object, and it is identical in
            # every environment the chart is installed into. Source it from a
            # Secret with valueFrom.secretKeyRef, as DB_PASSWORD and
            # SSO_ADMIN_PASSWORD already do, and rotate the value since it has
            # been committed.
            - name: JGROUPS_CLUSTER_PASSWORD
              value: djqqleTNBaVqjl3nsA5Ku3LNCGYSAiB5
            # --- Keycloak bootstrap admin ---
            - name: SSO_ADMIN_USERNAME
              value: admin
            - name: SSO_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: demo-seed
                  key: sso-admin-password
            # Declared without a value (see the DB_* pool settings above).
            - name: SSO_REALM
            - name: SSO_SERVICE_USERNAME
            - name: SSO_SERVICE_PASSWORD
          # NOTE(review): ":7.6" is a floating tag and imagePullPolicy is Always,
          # so a pod restart can pull different image content than was last
          # reviewed. Pinning by digest (image@sha256:<digest-placeholder>)
          # makes the deployed bits reproducible and auditable.
          image: registry.redhat.io/rh-sso-7/sso76-openshift-rhel8:7.6
          imagePullPolicy: Always
          livenessProbe:
            failureThreshold: 3
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
            exec:
              command:
                - /bin/bash
                - -c
                - /opt/eap/bin/livenessProbe.sh
            initialDelaySeconds: 60
          name: sso
          # 8443 is published by Service "sso" and 8888 by "sso-ping". 8778
          # (jolokia) and 8080 (http) have no Service in this file.
          # NOTE(review): declaring a containerPort does not gate access; those
          # two ports stay reachable on the pod IP unless a NetworkPolicy
          # blocks them - verify.
          ports:
            - containerPort: 8778
              name: jolokia
              protocol: TCP
            - containerPort: 8080
              name: http
              protocol: TCP
            - containerPort: 8443
              name: https
              protocol: TCP
            - containerPort: 8888
              name: ping
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
            exec:
              command:
                - /bin/bash
                - -c
                - /opt/eap/bin/readinessProbe.sh
          # Only a memory ceiling is set; there are no requests and no CPU limit.
          resources:
            limits:
              memory: 1Gi
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          # Serving certificates issued through the Service annotations above,
          # mounted read-only.
          volumeMounts:
            - mountPath: /etc/x509/https
              name: sso-x509-https-volume
              readOnly: true
            - mountPath: /etc/x509/jgroups
              name: sso-x509-jgroups-volume
              readOnly: true
      terminationGracePeriodSeconds: 30
      volumes:
        - name: sso-x509-https-volume
          secret:
            secretName: sso-x509-https-secret
        - name: sso-x509-jgroups-volume
          secret:
            secretName: sso-x509-jgroups-secret