kubezero/charts/kubezero-auth/templates/keycloak/operator.yaml

238 lines
5.1 KiB
YAML

{{- if .Values.keycloak.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
app.quarkus.io/build-timestamp: 2022-12-13 - 14:29:14 +0000
labels:
app.kubernetes.io/name: keycloak-operator
app.kubernetes.io/version: 20.0.2
name: keycloak-operator
---
apiVersion: v1
kind: Service
metadata:
annotations:
app.quarkus.io/build-timestamp: 2022-12-13 - 14:29:14 +0000
labels:
app.kubernetes.io/name: keycloak-operator
app.kubernetes.io/version: 20.0.2
name: keycloak-operator
spec:
ports:
- name: http
port: 80
targetPort: 8080
selector:
app.kubernetes.io/name: keycloak-operator
app.kubernetes.io/version: 20.0.2
type: ClusterIP
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: keycloak-operator-role
rules:
- apiGroups:
- apps
- extensions
resources:
- statefulsets
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
- apiGroups:
- ""
resources:
- secrets
- services
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
- apiGroups:
- batch
resources:
- jobs
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/name: keycloak-operator
name: keycloak-operator-role-binding
roleRef:
kind: Role
apiGroup: rbac.authorization.k8s.io
name: keycloak-operator-role
subjects:
- kind: ServiceAccount
name: keycloak-operator
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: keycloak-operator-view
roleRef:
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
name: view
subjects:
- kind: ServiceAccount
name: keycloak-operator
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: keycloakcontroller-role-binding
roleRef:
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
name: keycloakcontroller-cluster-role
subjects:
- kind: ServiceAccount
name: keycloak-operator
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: keycloakrealmimportcontroller-role-binding
roleRef:
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
name: keycloakrealmimportcontroller-cluster-role
subjects:
- kind: ServiceAccount
name: keycloak-operator
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: keycloakcontroller-cluster-role
rules:
- apiGroups:
- k8s.keycloak.org
resources:
- keycloaks
- keycloaks/status
- keycloaks/finalizers
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: keycloakrealmimportcontroller-cluster-role
rules:
- apiGroups:
- k8s.keycloak.org
resources:
- keycloakrealmimports
- keycloakrealmimports/status
- keycloakrealmimports/finalizers
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
app.quarkus.io/build-timestamp: 2022-12-13 - 14:29:14 +0000
labels:
app.kubernetes.io/name: keycloak-operator
app.kubernetes.io/version: 20.0.2
name: keycloak-operator
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: keycloak-operator
app.kubernetes.io/version: 20.0.2
template:
metadata:
annotations:
app.quarkus.io/build-timestamp: 2022-12-13 - 14:29:14 +0000
labels:
app.kubernetes.io/name: keycloak-operator
app.kubernetes.io/version: 20.0.2
spec:
containers:
- env:
- name: KUBERNETES_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: OPERATOR_KEYCLOAK_IMAGE
value: quay.io/keycloak/keycloak:20.0.2
image: quay.io/keycloak/keycloak-operator:20.0.2
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
httpGet:
path: /q/health/live
port: 8080
scheme: HTTP
initialDelaySeconds: 0
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10
name: keycloak-operator
ports:
- containerPort: 8080
name: http
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /q/health/ready
port: 8080
scheme: HTTP
initialDelaySeconds: 0
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10
serviceAccountName: keycloak-operator
{{- end }}