path: root/kubernetes/namespaces/tooling/keycloak/deployment.yaml
blob: d6546d932b5a82e1a46e262e4a6dd5b68d0bcf66 (plain) (blame)
# Deployment for the Keycloak identity provider in the `tooling` namespace.
# A Vault Agent injector (configured through the pod annotations below) issues
# the TLS key pair the pod uses; application settings and credentials come in
# through envFrom.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  labels:
    app: keycloak
  namespace: tooling
spec:
  # Single replica: a restart or rollout means the identity provider is briefly
  # unavailable to everything that authenticates against it.
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
      annotations:
        # Vault Agent injector configuration. `agent-inject` asks the injector
        # to add its agent containers to the pod, and `agent-init-first` puts
        # the agent's init container ahead of other init containers so the
        # rendered files exist before anything else starts.
        #
        # Two files are rendered, server.key and server.crt (under
        # /vault/secrets/ by default, since no other path is set here). Both
        # templates call the PKI issue endpoint `internal-tls/issue/internal-tls`
        # with common_name=id.pydis.wtf; the first keeps only the private key,
        # the second only the leaf certificate.
        #
        # NOTE(review): each template makes its own `secret` call against an
        # issue endpoint. Confirm that both files are rendered from the same
        # issuance, so the key always matches the certificate, including after
        # a renewal.
        # NOTE(review): only `.Data.certificate` is written, not the issuing CA
        # or chain. Presumably clients already trust the issuing CA; verify.
        # NOTE(review): the rendered private key is the TLS identity for
        # id.pydis.wtf. Confirm which containers in the pod can read it and how
        # Keycloak is told to reload it when the agent re-issues.
        #
        # `role` names the Vault role the agent logs in with. It matches the
        # serviceAccountName further down; confirm on the Vault side that the
        # role is bound to only this service account and namespace, and that its
        # policy allows issuing only the names this pod needs.
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/agent-init-first: "true"
        vault.hashicorp.com/agent-inject-secret-server.key: "internal-tls/issue/internal-tls"
        vault.hashicorp.com/agent-inject-template-server.key: |
          {{- with secret "internal-tls/issue/internal-tls" "common_name=id.pydis.wtf" -}}
          {{ .Data.private_key }}
          {{- end }}
        vault.hashicorp.com/agent-inject-secret-server.crt: "internal-tls/issue/internal-tls"
        vault.hashicorp.com/agent-inject-template-server.crt: |
          {{- with secret "internal-tls/issue/internal-tls" "common_name=id.pydis.wtf" -}}
          {{ .Data.certificate }}
          {{- end }}
        vault.hashicorp.com/role: "internal-tls-issuer"
    spec:
      # Identity the pod presents to the cluster and, through the injected
      # agent, to Vault. No automountServiceAccountToken setting appears here,
      # so the cluster default applies to the Keycloak container as well.
      serviceAccountName: internal-tls-issuer
      # NOTE(review): neither the pod nor the container sets a securityContext,
      # so the user, privilege escalation, capabilities and root filesystem
      # mode are whatever the image and the cluster defaults give. Confirm this
      # is intended for an internet-facing identity provider.
      containers:
        - name: keycloak
          # The image is referenced by tag, and `Always` re-resolves that tag on
          # every pod start, so what runs is whatever the registry serves for
          # the tag at that moment. Pinning by digest would make restarts
          # reproducible and tie the workload to one reviewed image.
          image: ghcr.io/owl-corp/keycloak:26.1.1
          imagePullPolicy: Always
          # Every key of the Secret and of the ConfigMap becomes an environment
          # variable of the container. Values from the Secret are therefore
          # readable by the process and anything it spawns, and can show up in
          # diagnostic dumps of the environment.
          envFrom:
            - secretRef:
                name: keycloak-secret-env
            - configMapRef:
                name: keycloak-config-env
          # Both a plaintext (8080) and a TLS (8443) port are declared.
          # NOTE(review): whether Keycloak actually listens on 8080 depends on
          # configuration that is not visible in this file. If only TLS is
          # meant to be reachable, confirm the listener is disabled and that no
          # Service or NetworkPolicy exposes 8080.
          ports:
            - name: http
              containerPort: 8080
            - name: https
              containerPort: 8443
          # Readiness is an HTTPS GET of the master realm endpoint on 8443. The
          # kubelet does not verify the certificate on HTTPS probes, so a pass
          # shows the listener answers, not that the served certificate is
          # valid. No liveness or startup probe and no resource requests or
          # limits are defined for this container.
          readinessProbe:
            httpGet:
              path: /realms/master
              port: 8443
              scheme: HTTPS
          volumeMounts:
            # Contents of the `ipa-ca-configmap` ConfigMap, exposed as files.
            # Presumably CA certificates Keycloak trusts for outbound TLS.
            # Whoever can edit that ConfigMap then controls that trust; verify.
            - name: ca-store
              mountPath: /opt/pydis/ca-store
      volumes:
        - name: ca-store
          configMap:
            name: ipa-ca-configmap