Diffstat (limited to 'kubernetes/namespaces/tooling/keycloak/deployment.yaml')
-rw-r--r--kubernetes/namespaces/tooling/keycloak/deployment.yaml51
1 files changed, 51 insertions, 0 deletions
diff --git a/kubernetes/namespaces/tooling/keycloak/deployment.yaml b/kubernetes/namespaces/tooling/keycloak/deployment.yaml
new file mode 100644
index 0000000..f5cdca3
--- /dev/null
+++ b/kubernetes/namespaces/tooling/keycloak/deployment.yaml
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: keycloak
+ labels:
+ app: keycloak
+ namespace: tooling
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: keycloak
+ template:
+ metadata:
+ labels:
+ app: keycloak
+ annotations:
+ vault.hashicorp.com/agent-inject: "true"
+ vault.hashicorp.com/agent-init-first: "true"
+ vault.hashicorp.com/agent-inject-secret-server.key: "internal-tls/issue/internal-tls"
+ vault.hashicorp.com/agent-inject-template-server.key: |
+ {{- with secret "internal-tls/issue/internal-tls" "common_name=id.pydis.wtf" -}}
+ {{ .Data.private_key }}
+ {{- end }}
+ vault.hashicorp.com/agent-inject-secret-server.crt: "internal-tls/issue/internal-tls"
+ vault.hashicorp.com/agent-inject-template-server.crt: |
+ {{- with secret "internal-tls/issue/internal-tls" "common_name=id.pydis.wtf" -}}
+ {{ .Data.certificate }}
+ {{- end }}
+ vault.hashicorp.com/role: "internal-tls-issuer"
+ spec:
+ serviceAccountName: internal-tls-issuer
+ containers:
+ - name: keycloak
+ image: quay.io/keycloak/keycloak:25.0.1
+ args: ["start"]
+ envFrom:
+ - secretRef:
+ name: keycloak-secret-env
+ - configMapRef:
+ name: keycloak-config-env
+ ports:
+ - name: http
+ containerPort: 8080
+ - name: https
+ containerPort: 8443
+ readinessProbe:
+ httpGet:
+ path: /realms/master
+ port: 8443
+ scheme: HTTPS
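Review bot: The pod runs as `serviceAccountName: internal-tls-issuer` with `vault.hashicorp.com/role: "internal-tls-issuer"`, and by default the service-account token is mounted into the keycloak container as well as the Vault agent, so a compromise of Keycloak could presumably log in to Vault under the same role. How far that reaches depends on the Vault role and PKI role definitions, which are not part of this commit; if `internal-tls/issue/internal-tls` will sign names other than `id.pydis.wtf`, a service account and Vault role dedicated to Keycloak and restricted to that common name would contain it. Separately, the `keycloak` container has no `securityContext`; adding `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false}` under it would be a reasonable baseline for an identity provider. A short comment above the two `agent-inject-template-server.*` annotations explaining that both render from the same issue call would also help the next reader confirm that the key and certificate are meant to be a matching pair.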