Demo of the Red Hat API Management solution


# HTTPS Service in front of the RH-SSO (Keycloak) pods; forwards 8443 to the
# pods' 8443.
apiVersion: v1
kind: Service
metadata:
  name: sso
  namespace: {{ .Values.projectName | quote }}
  labels:
    app.kubernetes.io/name: sso
    app.kubernetes.io/version: '7.6.0.GA'
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/instance: keycloak
  annotations:
    argocd.argoproj.io/sync-wave: "10"
    # Requests a service-CA-signed serving certificate in the named Secret.
    # The Deployment in this file mounts that Secret at /etc/x509/https.
    # NOTE(review): this is the "alpha" spelling of the annotation; current
    # OpenShift documents service.beta.openshift.io/serving-cert-secret-name.
    # Confirm which form the target cluster version honours.
    service.alpha.openshift.io/serving-cert-secret-name: sso-x509-https-secret
spec:
  ports:
    - port: 8443
      targetPort: 8443
  # The version label is deliberately absent from the selector, so an image
  # upgrade does not change which pods the Service matches.
  selector:
    app.kubernetes.io/name: sso
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/instance: keycloak
---
# Headless Service (clusterIP: None) named by OPENSHIFT_DNS_PING_SERVICE_NAME
# in the Deployment; DNS lookups on it return the pod addresses used for
# JGroups peer discovery on port 8888.
apiVersion: v1
kind: Service
metadata:
  name: sso-ping
  namespace: {{ .Values.projectName | quote }}
  labels:
    app.kubernetes.io/name: sso
    app.kubernetes.io/version: '7.6.0.GA'
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/instance: keycloak
  annotations:
    argocd.argoproj.io/sync-wave: "10"
    # Serving certificate for the cluster channel; the Deployment mounts this
    # Secret at /etc/x509/jgroups.
    # NOTE(review): "alpha" spelling of the annotation; confirm the cluster
    # still honours it (the documented form is service.beta.openshift.io/...).
    service.alpha.openshift.io/serving-cert-secret-name: sso-x509-jgroups-secret
spec:
  clusterIP: None
  ports:
    - name: ping
      port: 8888
  # Pods are published before they pass readiness so that members can find
  # each other while starting up.
  # NOTE(review): no NetworkPolicy is visible in this file; consider limiting
  # port 8888 to the sso pods, since cluster traffic relies on the JGroups
  # password and certificate alone.
  publishNotReadyAddresses: true
  selector:
    app.kubernetes.io/name: sso
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/instance: keycloak
---
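# External Route for RH-SSO. "reencrypt" means the router terminates the
# client's TLS session and opens a new TLS connection to the pod on 8443.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: sso
  namespace: {{ .Values.projectName | quote }}
  labels:
    app.kubernetes.io/name: sso
    app.kubernetes.io/version: '7.6.0.GA'
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/instance: keycloak
  annotations:
    argocd.argoproj.io/sync-wave: "10"
spec:
  host: {{ .Values.sso.hostname | quote }}
  tls:
    termination: reencrypt
    # NOTE(review): insecureEdgeTerminationPolicy is not set, so plain-HTTP
    # handling is left to the router default; state it explicitly (Redirect
    # or None) so the login and admin endpoints are never served over HTTP.
    # NOTE(review): no destinationCACertificate is given; this presumably
    # relies on the router trusting the service CA that issued
    # sso-x509-https-secret. Confirm on the target cluster.
  to:
    kind: Service
    name: sso
  # The flattened listing showed a bare `port: 8443`. The Route API takes the
  # target port as spec.port.targetPort, so it is written in that form here.
  port:
    targetPort: 8443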
---
# RH-SSO 7.6 (Keycloak) server, backed by the PostgreSQL service
# "postgresql-server" and serving HTTPS on 8443 with service-CA certificates.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sso
  namespace: {{ .Values.projectName | quote }}
  labels:
    app.kubernetes.io/name: sso
    app.kubernetes.io/version: '7.6.0.GA'
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/instance: keycloak
  annotations:
    argocd.argoproj.io/sync-wave: "10"
spec:
  # A single replica, although JGroups clustering is configured below.
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: sso
      app.kubernetes.io/component: keycloak
      app.kubernetes.io/instance: keycloak
  template:
    metadata:
      labels:
        app.kubernetes.io/name: sso
        app.kubernetes.io/component: keycloak
        app.kubernetes.io/instance: keycloak
    spec:
      # NOTE(review): no pod- or container-level securityContext is declared
      # here; the effective restrictions come from whatever SCC the cluster
      # assigns. Confirm that is the restricted one.
      containers:
        - name: sso
          # NOTE(review): floating tag "7.6" with imagePullPolicy Always means
          # the image content can change between pod restarts; pin by digest
          # if rollouts must be reproducible and reviewable.
          image: registry.redhat.io/rh-sso-7/sso76-openshift-rhel8:7.6
          imagePullPolicy: Always
          env:
            - name: SSO_HOSTNAME
              value: {{ .Values.sso.hostname | quote }}

            # --- Database connection ---
            - name: DB_SERVICE_PREFIX_MAPPING
              value: sso-postgresql=DB
            - name: SSO_POSTGRESQL_SERVICE_HOST
              value: postgresql-server
            - name: SSO_POSTGRESQL_SERVICE_PORT
              value: "5432"
            - name: DB_JNDI
              value: java:jboss/datasources/KeycloakDS
            - name: DB_USERNAME
              value: sso
            # Read from the demo-seed Secret rather than stored in the chart.
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: demo-seed
                  key: sso-database-password
            - name: DB_DATABASE
              value: sso
            - name: TX_DATABASE_PREFIX_MAPPING
              value: sso-postgresql=DB
            # The next three variables are declared without a value.
            - name: DB_MIN_POOL_SIZE
            - name: DB_MAX_POOL_SIZE
            - name: DB_TX_ISOLATION

            # --- JGroups clustering (DNS_PING against the sso-ping Service) ---
            - name: JGROUPS_PING_PROTOCOL
              value: openshift.DNS_PING
            - name: OPENSHIFT_DNS_PING_SERVICE_NAME
              value: sso-ping
            - name: OPENSHIFT_DNS_PING_SERVICE_PORT
              value: "8888"
            - name: X509_CA_BUNDLE
              value: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
            # NOTE(review): hard-coded credential. Unlike DB_PASSWORD and
            # SSO_ADMIN_PASSWORD, the cluster password is a literal in the
            # chart, so it is readable by anyone with access to the repository
            # or to the Deployment object, and it is identical in every
            # install. Move it to a Secret key referenced with secretKeyRef
            # and rotate the value that is committed here.
            - name: JGROUPS_CLUSTER_PASSWORD
              value: djqqleTNBaVqjl3nsA5Ku3LNCGYSAiB5

            # --- Initial admin account ---
            # NOTE(review): fixed, predictable admin user name; only the
            # password comes from the Secret.
            - name: SSO_ADMIN_USERNAME
              value: admin
            - name: SSO_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: demo-seed
                  key: sso-admin-password
            # The next three variables are declared without a value.
            - name: SSO_REALM
            - name: SSO_SERVICE_USERNAME
            - name: SSO_SERVICE_PASSWORD
          ports:
            # NOTE(review): Jolokia (JMX over HTTP) is declared on the
            # container but is not exposed by either Service in this file;
            # confirm it is needed and which clients can reach the pod IP.
            - containerPort: 8778
              name: jolokia
              protocol: TCP
            # NOTE(review): plain-HTTP listener; the Service and Route in this
            # file only use 8443.
            - containerPort: 8080
              name: http
              protocol: TCP
            - containerPort: 8443
              name: https
              protocol: TCP
            - containerPort: 8888
              name: ping
              protocol: TCP
          livenessProbe:
            exec:
              command:
                - /bin/bash
                - -c
                - /opt/eap/bin/livenessProbe.sh
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            exec:
              command:
                - /bin/bash
                - -c
                - /opt/eap/bin/readinessProbe.sh
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          # Only a memory limit is set; no requests and no CPU limit.
          resources:
            limits:
              memory: 1Gi
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          # Service-CA certificates, mounted read-only.
          volumeMounts:
            - mountPath: /etc/x509/https
              name: sso-x509-https-volume
              readOnly: true
            - mountPath: /etc/x509/jgroups
              name: sso-x509-jgroups-volume
              readOnly: true
      terminationGracePeriodSeconds: 30
      # Secrets named by the serving-cert annotations on the sso and sso-ping
      # Services in this file.
      volumes:
        - name: sso-x509-https-volume
          secret:
            secretName: sso-x509-https-secret
        - name: sso-x509-jgroups-volume
          secret:
            secretName: sso-x509-jgroups-secret