Add Kubernetes manifests for Keycloak deployment

adorsys · Dec 9, 2024 · dd94caf · dd94caf
1 parent 1d3b286
commit dd94caf
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 17 deletions.
diff --git a/deployment_manifest/keycloak.yaml b/deployment_manifest/keycloak.yaml
@@ -5,6 +5,7 @@ metadata:
   name: keycloak
   labels:
     app: keycloak
+  namespace: datev-wallet
 spec:
   replicas: 1
   selector:
@@ -15,45 +16,36 @@ spec:
       labels:
         app: keycloak
     spec:
+      imagePullSecrets:
+      - name: ghcr-pull-secret
       containers:
       - name: keycloak
-        image: quay.io/keycloak/keycloak:26.0.5
+        image: ghcr.io/adorsys/keycloak-ssi-deployment:latest
         env:
-        - name: KC_DB
-          value: postgres
-        - name: KC_DB_URL_HOST
+        - name: KC_DB_HOST
           value: postgres-service
-        - name: KC_DB_URL_DATABASE
+        - name: KC_DB_NAME
           value: keycloak
-        - name: KC_DB_URL_PORT
+        - name: KC_DB_EXPOSED_PORT
           value: "5432"
         - name: KC_DB_USERNAME
           value: keycloak
         - name: KC_DB_PASSWORD
           value: keycloak
+        - name: KC_DB_OPTS
+          value: "-db postgres --db-url jdbc:postgresql://postgres-service:5432/keycloak --db-username keycloak--db-password keycloak"
 
          # Admin user configurations  
-        - name: KC_HOSTNAME
-          value: keycloak
         - name: KC_BOOTSTRAP_ADMIN_USERNAME
           value: admin
         - name: KC_BOOTSTRAP_ADMIN_PASSWORD
           value: admin
         - name: KEYCLOAK_HTTPS_PORT
           value: "8443"
-        - name: KC_SERVER_CERT
-          value: /path/to/certificate.crt
-        - name: KC_SERVER_KEY
-          value: /path/to/private.key
         ports:
         - containerPort: 8443
         args:
-          - start-dev --features=oid4vc-vci
           - '--spi-db-schema-manager-updates=update'
-          - '--hostname-strict=false'
-          - '--https-port=$(KEYCLOAK_HTTPS_PORT)'
-          - '--https-certificate-file=$(KC_SERVER_CERT)'
-          - '--https-certificate-key-file=$(KC_SERVER_KEY)'
         volumeMounts:
         - mountPath: /opt/keycloak/data
           name: keycloak-data
@@ -65,6 +57,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: keycloak
+  namespace: datev-wallet
 spec:
   type: LoadBalancer
   selector:

diff --git a/deployment_manifest/postgres.yaml b/deployment_manifest/postgres.yaml
@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: postgres
+  namespace: datev-wallet
 spec:
   replicas: 1
   selector:
@@ -37,6 +38,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: postgres-service
+  namespace: datev-wallet
 spec:
   ports:
     - port: 5432