# Service "sso": exposes the Keycloak (RH-SSO) pods on HTTPS port 8443.
# The "sso" Route further down in this file points at this Service.
apiVersion: v1
kind: Service
metadata:
  name: sso
  namespace: {{ .Values.projectName | quote }}
  labels:
    app.kubernetes.io/name: sso
    app.kubernetes.io/version: '7.6.0.GA'
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/instance: keycloak
  annotations:
    argocd.argoproj.io/sync-wave: '10'
    # Requests a service-CA-signed serving certificate for this Service,
    # written to the named Secret. The Deployment in this file mounts that
    # Secret read-only at /etc/x509/https.
    # NOTE(review): this is the alpha form of the annotation; the beta form
    # (service.beta.openshift.io/serving-cert-secret-name) is the one in
    # current OpenShift documentation. Confirm the target cluster version
    # before switching.
    service.alpha.openshift.io/serving-cert-secret-name: sso-x509-https-secret
spec:
  ports:
    # Only the TLS port is published; the container's plain-HTTP (8080) and
    # Jolokia (8778) ports are not part of this Service.
    - port: 8443
      targetPort: 8443
  selector:
    app.kubernetes.io/name: sso
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/instance: keycloak
---
# Service "sso-ping": headless Service used for JGroups peer discovery. The
# Deployment in this file sets JGROUPS_PING_PROTOCOL to openshift.DNS_PING
# and names this Service in OPENSHIFT_DNS_PING_SERVICE_NAME.
apiVersion: v1
kind: Service
metadata:
  name: sso-ping
  namespace: {{ .Values.projectName | quote }}
  labels:
    app.kubernetes.io/name: sso
    app.kubernetes.io/version: '7.6.0.GA'
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/instance: keycloak
  annotations:
    argocd.argoproj.io/sync-wave: '10'
    # Requests a service-CA-signed certificate into the Secret that the
    # Deployment mounts read-only at /etc/x509/jgroups.
    # NOTE(review): alpha form of the annotation; the beta form
    # (service.beta.openshift.io/serving-cert-secret-name) is the one in
    # current OpenShift documentation. Confirm the target cluster version
    # before switching.
    service.alpha.openshift.io/serving-cert-secret-name: sso-x509-jgroups-secret
spec:
  # Headless: DNS returns the individual pod addresses, not a virtual IP.
  clusterIP: None
  # Pods are listed in DNS before they pass readiness, so cluster members can
  # find each other while still starting up.
  # NOTE(review): this also means not-yet-ready pods are resolvable by any
  # client that can query this name; no NetworkPolicy is visible in this file
  # to restrict who may reach port 8888. Confirm one exists elsewhere.
  publishNotReadyAddresses: true
  ports:
    - name: ping
      port: 8888
  selector:
    app.kubernetes.io/name: sso
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/instance: keycloak
---
# Route "sso": publishes the "sso" Service outside the cluster at the
# hostname supplied by the chart value sso.hostname.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: sso
  namespace: {{ .Values.projectName | quote }}
  labels:
    app.kubernetes.io/name: sso
    app.kubernetes.io/version: '7.6.0.GA'
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/instance: keycloak
  annotations:
    argocd.argoproj.io/sync-wave: '10'
spec:
  host: {{ .Values.sso.hostname | quote }}
  to:
    kind: Service
    name: sso
  tls:
    # Re-encrypt: the router terminates the client's TLS session and opens a
    # second TLS connection to the pod, so traffic is encrypted on both legs.
    # NOTE(review): no destinationCACertificate is set here, so validation of
    # the pod's certificate presumably relies on the router trusting the
    # service CA that issues sso-x509-https-secret. Confirm on the target
    # cluster.
    # NOTE(review): insecureEdgeTerminationPolicy is not set. If plain-HTTP
    # requests to this host should be redirected to HTTPS, set it to Redirect
    # explicitly rather than depending on the router default.
    termination: reencrypt
---
# Deployment "sso": one replica of the Red Hat SSO 7.6 (Keycloak) image,
# configured through environment variables to use the PostgreSQL service
# named in SSO_POSTGRESQL_SERVICE_HOST and to discover cluster peers through
# the headless "sso-ping" Service.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sso
  namespace: {{ .Values.projectName | quote }}
  labels:
    app.kubernetes.io/name: sso
    app.kubernetes.io/version: '7.6.0.GA'
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/instance: keycloak
  annotations:
    argocd.argoproj.io/sync-wave: '10'
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: sso
      app.kubernetes.io/component: keycloak
      app.kubernetes.io/instance: keycloak
  template:
    metadata:
      labels:
        app.kubernetes.io/name: sso
        app.kubernetes.io/component: keycloak
        app.kubernetes.io/instance: keycloak
    spec:
      # NOTE(review): no pod- or container-level securityContext is set in
      # this manifest; the effective restrictions presumably come from the
      # SCC the pod is admitted under. Confirm which SCC applies.
      terminationGracePeriodSeconds: 30
      containers:
        - name: sso
          # NOTE(review): "7.6" looks like a floating stream tag, and with
          # imagePullPolicy Always the image actually run can change without
          # any change to this manifest. Pinning by digest makes the deployed
          # image reproducible and auditable.
          image: registry.redhat.io/rh-sso-7/sso76-openshift-rhel8:7.6
          imagePullPolicy: Always
          env:
            - name: SSO_HOSTNAME
              value: {{ .Values.sso.hostname | quote }}
            # --- database connection ---
            - name: DB_SERVICE_PREFIX_MAPPING
              value: sso-postgresql=DB
            - name: SSO_POSTGRESQL_SERVICE_HOST
              value: postgresql-server
            - name: SSO_POSTGRESQL_SERVICE_PORT
              value: '5432'
            - name: DB_JNDI
              value: java:jboss/datasources/KeycloakDS
            - name: DB_USERNAME
              value: sso
            # Read from the demo-seed Secret, so the password is not stored
            # in this manifest.
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: demo-seed
                  key: sso-database-password
            - name: DB_DATABASE
              value: sso
            - name: TX_DATABASE_PREFIX_MAPPING
              value: sso-postgresql=DB
            # The next three entries carry a name only, which Kubernetes
            # treats as an empty string value.
            - name: DB_MIN_POOL_SIZE
            - name: DB_MAX_POOL_SIZE
            - name: DB_TX_ISOLATION
            # --- JGroups clustering ---
            - name: JGROUPS_PING_PROTOCOL
              value: openshift.DNS_PING
            - name: OPENSHIFT_DNS_PING_SERVICE_NAME
              value: sso-ping
            - name: OPENSHIFT_DNS_PING_SERVICE_PORT
              value: '8888'
            # Two CA bundle paths, separated by a single space.
            - name: X509_CA_BUNDLE
              value: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
            # NOTE(review): this cluster password is committed in clear text,
            # unlike DB_PASSWORD and SSO_ADMIN_PASSWORD, which are read from
            # the demo-seed Secret. Anyone who can read the repository, the
            # rendered chart or the Deployment object can see it. Move it to
            # a Secret, reference it with valueFrom.secretKeyRef, and rotate
            # the value, since the committed one must be treated as disclosed.
            - name: JGROUPS_CLUSTER_PASSWORD
              value: djqqleTNBaVqjl3nsA5Ku3LNCGYSAiB5
            # --- admin bootstrap ---
            - name: SSO_ADMIN_USERNAME
              value: admin
            - name: SSO_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: demo-seed
                  key: sso-admin-password
            # Declared with a name only (empty string value).
            - name: SSO_REALM
            - name: SSO_SERVICE_USERNAME
            - name: SSO_SERVICE_PASSWORD
          ports:
            # NOTE(review): of these four ports, the "sso" Service publishes
            # only 8443 and "sso-ping" only 8888. Jolokia (8778) and plain
            # HTTP (8080) stay reachable on the pod IP unless a NetworkPolicy
            # blocks them; none is visible in this file. Confirm that
            # in-cluster access to them is restricted as intended.
            - name: jolokia
              containerPort: 8778
              protocol: TCP
            - name: http
              containerPort: 8080
              protocol: TCP
            - name: https
              containerPort: 8443
              protocol: TCP
            - name: ping
              containerPort: 8888
              protocol: TCP
          livenessProbe:
            exec:
              command:
                - /bin/bash
                - '-c'
                - /opt/eap/bin/livenessProbe.sh
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            exec:
              command:
                - /bin/bash
                - '-c'
                - /opt/eap/bin/readinessProbe.sh
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          resources:
            # Only a memory limit is set; no requests and no CPU limit.
            limits:
              memory: 1Gi
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            # Service-CA-issued key material, mounted read-only.
            - name: sso-x509-https-volume
              mountPath: /etc/x509/https
              readOnly: true
            - name: sso-x509-jgroups-volume
              mountPath: /etc/x509/jgroups
              readOnly: true
      volumes:
        # These Secrets are named in the serving-cert annotations on the
        # "sso" and "sso-ping" Services in this file.
        - name: sso-x509-https-volume
          secret:
            secretName: sso-x509-https-secret
        - name: sso-x509-jgroups-volume
          secret:
            secretName: sso-x509-jgroups-secret