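# services/keycloak/deployment.yaml
#
# Single-replica Keycloak (SSO) Deployment backed by an external PostgreSQL
# service and a PVC mounted at /opt/keycloak/data.
# TLS is not terminated in this pod: it serves plain HTTP on 8080 and relies on
# an upstream proxy/ingress, so network reachability of the pod matters.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: sso
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          # NOTE(review): a tag is mutable, and IfNotPresent keeps whatever a
          # node already cached under it. Pinning by digest
          # (quay.io/keycloak/keycloak:26.0.7@sha256:<digest-placeholder>)
          # makes rollouts reproducible.
          image: quay.io/keycloak/keycloak:26.0.7
          imagePullPolicy: IfNotPresent
          args:
            - start
          # Added hardening: the server needs no extra privileges for the
          # ports used here (8080/9000). readOnlyRootFilesystem is not set
          # because `start` without --optimized may rebuild inside the image
          # tree.
          # NOTE(review): runAsNonRoot assumes the image declares a numeric
          # non-root USER - confirm for this tag.
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          env:
            - name: KC_DB
              value: postgres
            - name: KC_DB_URL_HOST
              value: postgres-service.postgres.svc.cluster.local
            # Database name and credentials come from the keycloak-db Secret,
            # never from literals in this manifest.
            - name: KC_DB_URL_DATABASE
              valueFrom:
                secretKeyRef:
                  name: keycloak-db
                  key: database
            - name: KC_DB_USERNAME
              valueFrom:
                secretKeyRef:
                  name: keycloak-db
                  key: username
            - name: KC_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-db
                  key: password
            - name: KC_DB_SCHEMA
              value: public
            - name: KC_HOSTNAME
              value: sso.bstein.dev
            # Edge mode: the proxy terminates TLS and Keycloak trusts the
            # forwarded headers it receives. Anything that can reach port 8080
            # without passing through the proxy can supply those headers, so
            # restrict ingress to this pod (for example with a NetworkPolicy).
            # NOTE(review): KC_PROXY is deprecated in favour of
            # KC_PROXY_HEADERS - confirm this image version still honours it.
            - name: KC_PROXY
              value: edge
            # Plain HTTP listener; acceptable only behind the TLS-terminating
            # proxy.
            - name: KC_HTTP_ENABLED
              value: "true"
            # Added: both probes below hit /health/* on port 9000. The health
            # endpoints are off by default, so without this the probes have
            # nothing to answer them.
            # NOTE(review): the "metrics" port name suggests scraping is
            # intended; that needs KC_METRICS_ENABLED as well - confirm.
            - name: KC_HEALTH_ENABLED
              value: "true"
            # Bootstrap admin account, sourced from the keycloak-admin Secret.
            # Keycloak 26 deprecates these names in favour of
            # KC_BOOTSTRAP_ADMIN_USERNAME / KC_BOOTSTRAP_ADMIN_PASSWORD. Treat
            # the account as temporary: create a permanent admin, then remove
            # or rotate it.
            - name: KEYCLOAK_ADMIN
              valueFrom:
                secretKeyRef:
                  name: keycloak-admin
                  key: username
            - name: KEYCLOAK_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-admin
                  key: password
          ports:
            - containerPort: 8080
              name: http
            # Management port (health and metrics). Keep it cluster-internal;
            # it should not be routed through the public ingress.
            - containerPort: 9000
              name: metrics
          # NOTE(review): no resources.requests/limits are set; add values
          # sized for this cluster so the IdP cannot starve or be starved by
          # neighbouring pods.
          readinessProbe:
            httpGet:
              path: /health/ready
              port: 9000
            initialDelaySeconds: 15
            periodSeconds: 10
            failureThreshold: 6
          livenessProbe:
            httpGet:
              path: /health/live
              port: 9000
            initialDelaySeconds: 60
            periodSeconds: 15
            failureThreshold: 6
          volumeMounts:
            - name: data
              mountPath: /opt/keycloak/data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: keycloak-data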