---
# Source: keycloak/templates/infinispan/remote-store-secret.yaml
# Credentials Keycloak presents to the external Infinispan remote store; the
# Keycloak resource reads both keys through its remote-store-username and
# remote-store-password options.
# NOTE(review): values under `data` are only base64-encoded, not encrypted, and
# the inline comments spell out the plaintext. Treat them as sample credentials
# and supply real ones from outside version control.
# tag::keycloak-ispn-secret[]
apiVersion: v1
kind: Secret
metadata:
  name: remote-store-secret
  namespace: keycloak
type: Opaque
data:
  username: ZGV2ZWxvcGVy # base64 encoding for 'developer'
  password: c2VjdXJlX3Bhc3N3b3Jk # base64 encoding for 'secure_password'
# end::keycloak-ispn-secret[]
---
# Source: keycloak/templates/keycloak-db-secret.yaml
# Database login consumed by the Keycloak resource (spec.db.usernameSecret and
# spec.db.passwordSecret).
# NOTE(review): base64 is an encoding, not protection; the same password also
# appears in clear text elsewhere in this rendered output, so treat it as a
# sample value only.
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  namespace: keycloak
  name: keycloak-db-secret
data:
  username: "a2V5Y2xvYWs=" # keycloak
  password: "c2VjcmV0OTk=" # secret99
---
# Source: keycloak/templates/keycloak-initial-admin-secret.yaml
# Bootstrap administrator account; the Keycloak pod template maps these keys to
# KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD.
# NOTE(review): admin/admin is a well-known default pair. Override it before the
# instance is reachable by anyone other than the operator of a local test cluster.
apiVersion: v1
kind: Secret
type: kubernetes.io/basic-auth
metadata:
  name: keycloak-preconfigured-admin
  namespace: keycloak
  labels:
    app: keycloak
data:
  username: "YWRtaW4=" # admin
  password: "YWRtaW4=" # admin by default
---
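# Source: keycloak/templates/keycloak-tls-secret.yaml
# NOTE(review): this Secret carries the TLS private key (tls.key) next to the certificate. Key material rendered into a manifest should be treated as disclosed and used for local test setups only.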
apiVersion : v1
data :
tls.crt : LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVmekNDQXVlZ0F3SUJBZ0lSQUlVenBxa1FoaTNKclZBcmxVNVRhVTB3RFFZSktvWklodmNOQVFFTEJRQXcKZ1lreEhqQWNCZ05WQkFvVEZXMXJZMlZ5ZENCa1pYWmxiRzl3YldWdWRDQkRRVEV2TUMwR0ExVUVDd3dtWVhCbApjblZtWm05QVlYQmxjblZtWm04dGJXRmpJQ2hCYm1SeVpXRWdVR1Z5ZFdabWJ5a3hOakEwQmdOVkJBTU1MVzFyClkyVnlkQ0JoY0dWeWRXWm1iMEJoY0dWeWRXWm1ieTF0WVdNZ0tFRnVaSEpsWVNCUVpYSjFabVp2S1RBZUZ3MHkKTWpBek1ETXhNVEExTlRWYUZ3MHlOREEyTURNeE1EQTFOVFZhTUZveEp6QWxCZ05WQkFvVEhtMXJZMlZ5ZENCawpaWFpsYkc5d2JXVnVkQ0JqWlhKMGFXWnBZMkYwWlRFdk1DMEdBMVVFQ3d3bVlYQmxjblZtWm05QVlYQmxjblZtClptOHRiV0ZqSUNoQmJtUnlaV0VnVUdWeWRXWm1ieWt3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXcKZ2dFS0FvSUJBUUN5MjljQ0JrSzZNWERNbWZONy9TVmdiNXR2WXFWc01LVjhjaEwvTE5UcXVkdVA0QVBZeEtzMApQWnZBd0RRa3lGUXRxQlVvTXBhelBCaUpyREZ2eHc2VDZaeGVUOXlobCtvNWxhVmdseUdUMC9TcTBjTkg3UkZaCk5KeXpEZDdhREVjc2E0cmZmVEJPbk9UZjZ3QzhuSkNobTl4Mm9FWlU0UHRIb2tKZzcrVlFXYUdVRHg3Wm5YSlgKUXQ5SXFSb1dQWW1BWnNQc1FUNzdPeWkzUGZSa2NqZ1FTWEJsWVhNWXFZOWxMZTZpR2NldnNkdGhyOEdOZFF4dQpJV3RBOTYwdkgzSFpwRmgyRXRJbnVEOTdlWjU4STB4WXZuU2xSZGlXV1BPSTNwWDFvR0xyWDZjWGl1RlRDNUg3ClB3NnVSZUdVZ2tvR2tXS1pSU3RZdGp1dENuZHEvZ2JuQWdNQkFBR2pnWTh3Z1l3d0RnWURWUjBQQVFIL0JBUUQKQWdXZ01CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNQjhHQTFVZEl3UVlNQmFBRkg2Qmh5V21zVEpwMTdqSApVLzlKaDI1MUdhMTFNRVFHQTFVZEVRUTlNRHVDQzJWNFlXMXdiR1V1WTI5dGdnbHRlV0Z3Y0M1a1pYYUNDV3h2ClkyRnNhRzl6ZEljRWZ3QUFBWWNRQUFBQUFBQUFBQUFBQUFBQUFBQUFBVEFOQmdrcWhraUc5dzBCQVFzRkFBT0MKQVlFQWYrazRMQW11YjlLKzM3RWo5M3RwYXhZdER2cUl4d1VpVkRHUyt6TElrd296akkyaHVTYko2N0lsdVJZaQp0SjVUU3hlM1hMTTNJM1NQU2tKNUxpY0JLRjJDRW1tdDBKRnk2WERxeU80L3NncFVDWVh6V3J1ZWU5VWM4VkhNCnljL3ZLclN3bTVDek82alIyZk0xajdCUWVJdHh6Qk1rTlJYZUUxSUVJWGtYMUFFUGRYaFBHZXFya1NqYzdGbjkKSkIzeGIvN0xvdTNxSFlBV2xyeThicWd2Z0pjZFlVWE9RWlVZSXE0ekd4bkNZRFRTblRuTG8vbW5YQ0h6MHZXRApldlpRQzhsL2t2TWRNb1RNSUxWamxObFgyeTNyekw2ak1QZTIxcGpSdFd3K0R6S1E1dkdZemMxL1hFbXJRaVJVCmxlRWE4cVp4QVkySXptMW9hTWdNa0cwZklKRkEyZk9DSGVWTnJOek93S1ZjaXFGVHpUanpZMW9HZDd5bncrQ28KaUF1Tm03TERxdzczakJYMVBBK1ZYM0pnRTVlODVnQ0FVU0
UzK0Y3Z1RGb1hBS1M3T255Mk9mS0xSREw3U0NPWgp1THlub1NVeTUrcnJlUjBJNzRwTXVhRm9hUHo5U2lCNzVCNnZ4eGZWV0xLN0g3T1ZxV1YyR0Qra3dxSW1hOUVJClVmV2IKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
tls.key : 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
kind : Secret
metadata :
name : keycloak-tls-secret
namespace : keycloak
type : kubernetes.io/tls
---
# Source: keycloak/templates/keycloak-infinispan-configmap.yaml
# Infinispan cache configuration that the Keycloak resource loads through
# spec.cache.configMapFile.
# Every distributed or replicated cache below persists to the external
# Infinispan through a <remote-store>. Each store authenticates with DIGEST
# credentials read from KC_REMOTE_STORE_USERNAME / KC_REMOTE_STORE_PASSWORD and
# sets TLSv1.3 with a PEM truststore, so no credential is written in this file.
# NOTE(review): the <security> element is repeated per cache; a cache added
# without it would not carry these authentication and TLS settings.
# NOTE(review): the truststore path service-ca.crt is presumably only populated
# on OpenShift; confirm it exists on the target cluster.
# The XML is the ConfigMap payload: YAML comments cannot be placed inside it.
# tag::keycloak-ispn-configmap[]
apiVersion: v1
kind: ConfigMap
metadata:
  name: kcb-infinispan-cache-config
  namespace: keycloak
data:
  kcb-infinispan-cache-remote-store-config.xml: |
    <?xml version="1.0" encoding="UTF-8"?>
    <!-- end::keycloak-ispn-configmap[] -->
    <!--
      ~ Copyright 2019 Red Hat, Inc. and/or its affiliates
      ~ and other contributors as indicated by the @author tags.
      ~
      ~ Licensed under the Apache License, Version 2.0 (the "License");
      ~ you may not use this file except in compliance with the License.
      ~ You may obtain a copy of the License at
      ~
      ~ http://www.apache.org/licenses/LICENSE-2.0
      ~
      ~ Unless required by applicable law or agreed to in writing, software
      ~ distributed under the License is distributed on an "AS IS" BASIS,
      ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      ~ See the License for the specific language governing permissions and
      ~ limitations under the License.
      -->
    <!--tag::keycloak-ispn-configmap[] -->
    <infinispan
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="urn:infinispan:config:14.0 https://www.infinispan.org/schemas/infinispan-config-14.0.xsd
                urn:infinispan:config:store:remote:14.0 https://www.infinispan.org/schemas/infinispan-cachestore-remote-config-14.0.xsd"
            xmlns="urn:infinispan:config:14.0">
        <!--end::keycloak-ispn-configmap[] -->
        <!-- the statistics="true" attribute is not part of the original KC config and was added by Keycloak Benchmark -->
        <cache-container name="keycloak" statistics="true">
            <transport lock-timeout="60000"/>
            <metrics names-as-tags="true" />
            <local-cache name="realms" simple-cache="true" statistics="true">
                <encoding>
                    <key media-type="application/x-java-object"/>
                    <value media-type="application/x-java-object"/>
                </encoding>
                <memory max-count="10000"/>
            </local-cache>
            <local-cache name="users" simple-cache="true" statistics="true">
                <encoding>
                    <key media-type="application/x-java-object"/>
                    <value media-type="application/x-java-object"/>
                </encoding>
                <memory max-count="10000"/>
            </local-cache>
            <!--tag::keycloak-ispn-remotestore[] -->
            <distributed-cache name="sessions" owners="2" statistics="true">
                <expiration lifespan="-1"/>
                <persistence passivation="false"> <!--1-->
                    <remote-store xmlns="urn:infinispan:config:store:remote:14.0"
                                  cache="sessions"
                                  raw-values="true"
                                  shared="true"
                                  segmented="false">
                        <remote-server host="${env.KC_REMOTE_STORE_HOST}"
                                       port="${env.KC_REMOTE_STORE_PORT}"/> <!--2-->
                        <connection-pool max-active="16"
                                         exhausted-action="CREATE_NEW"/>
                        <security>
                            <authentication server-name="infinispan">
                                <digest username="${env.KC_REMOTE_STORE_USERNAME}"
                                        password="${env.KC_REMOTE_STORE_PASSWORD}"
                                        realm="default"/> <!--3-->
                            </authentication>
                            <encryption protocol="TLSv1.3"
                                        sni-hostname="${env.KC_REMOTE_STORE_HOST}">
                                <truststore filename="/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
                                            type="pem"/> <!--4-->
                            </encryption>
                        </security>
                    </remote-store>
                </persistence>
            </distributed-cache>
            <!--end::keycloak-ispn-remotestore[] -->
            <distributed-cache name="authenticationSessions" owners="2" statistics="true">
                <expiration lifespan="-1"/>
                <persistence passivation="false">
                    <remote-store xmlns="urn:infinispan:config:store:remote:14.0"
                                  cache="authenticationSessions"
                                  raw-values="true"
                                  shared="true"
                                  segmented="false">
                        <remote-server host="${env.KC_REMOTE_STORE_HOST}"
                                       port="${env.KC_REMOTE_STORE_PORT}"/>
                        <connection-pool max-active="16"
                                         exhausted-action="CREATE_NEW"/>
                        <security>
                            <authentication server-name="infinispan">
                                <digest username="${env.KC_REMOTE_STORE_USERNAME}"
                                        password="${env.KC_REMOTE_STORE_PASSWORD}"
                                        realm="default"/>
                            </authentication>
                            <encryption protocol="TLSv1.3"
                                        sni-hostname="${env.KC_REMOTE_STORE_HOST}">
                                <truststore filename="/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
                                            type="pem"/>
                            </encryption>
                        </security>
                    </remote-store>
                </persistence>
            </distributed-cache>
            <distributed-cache name="offlineSessions" owners="2" statistics="true">
                <expiration lifespan="-1"/>
                <persistence passivation="false">
                    <remote-store xmlns="urn:infinispan:config:store:remote:14.0"
                                  cache="offlineSessions"
                                  raw-values="true"
                                  shared="true"
                                  segmented="false">
                        <remote-server host="${env.KC_REMOTE_STORE_HOST}"
                                       port="${env.KC_REMOTE_STORE_PORT}"/>
                        <connection-pool max-active="16"
                                         exhausted-action="CREATE_NEW"/>
                        <security>
                            <authentication server-name="infinispan">
                                <digest username="${env.KC_REMOTE_STORE_USERNAME}"
                                        password="${env.KC_REMOTE_STORE_PASSWORD}"
                                        realm="default"/>
                            </authentication>
                            <encryption protocol="TLSv1.3"
                                        sni-hostname="${env.KC_REMOTE_STORE_HOST}">
                                <truststore filename="/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
                                            type="pem"/>
                            </encryption>
                        </security>
                    </remote-store>
                </persistence>
            </distributed-cache>
            <distributed-cache name="clientSessions" owners="2" statistics="true">
                <expiration lifespan="-1"/>
                <persistence passivation="false">
                    <remote-store xmlns="urn:infinispan:config:store:remote:14.0"
                                  cache="clientSessions"
                                  raw-values="true"
                                  shared="true"
                                  segmented="false">
                        <remote-server host="${env.KC_REMOTE_STORE_HOST}"
                                       port="${env.KC_REMOTE_STORE_PORT}"/>
                        <connection-pool max-active="16"
                                         exhausted-action="CREATE_NEW"/>
                        <security>
                            <authentication server-name="infinispan">
                                <digest username="${env.KC_REMOTE_STORE_USERNAME}"
                                        password="${env.KC_REMOTE_STORE_PASSWORD}"
                                        realm="default"/>
                            </authentication>
                            <encryption protocol="TLSv1.3" sni-hostname="${env.KC_REMOTE_STORE_HOST}">
                                <truststore filename="/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
                                            type="pem"/>
                            </encryption>
                        </security>
                    </remote-store>
                </persistence>
            </distributed-cache>
            <distributed-cache name="offlineClientSessions" owners="2" statistics="true">
                <expiration lifespan="-1"/>
                <persistence passivation="false">
                    <remote-store xmlns="urn:infinispan:config:store:remote:14.0"
                                  cache="offlineClientSessions"
                                  raw-values="true"
                                  shared="true"
                                  segmented="false">
                        <remote-server host="${env.KC_REMOTE_STORE_HOST}"
                                       port="${env.KC_REMOTE_STORE_PORT}"/>
                        <connection-pool max-active="16"
                                         exhausted-action="CREATE_NEW"/>
                        <security>
                            <authentication server-name="infinispan">
                                <digest username="${env.KC_REMOTE_STORE_USERNAME}"
                                        password="${env.KC_REMOTE_STORE_PASSWORD}"
                                        realm="default"/>
                            </authentication>
                            <encryption protocol="TLSv1.3" sni-hostname="${env.KC_REMOTE_STORE_HOST}">
                                <truststore filename="/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
                                            type="pem"/>
                            </encryption>
                        </security>
                    </remote-store>
                </persistence>
            </distributed-cache>
            <distributed-cache name="loginFailures" owners="2" statistics="true">
                <expiration lifespan="-1"/>
                <persistence passivation="false">
                    <remote-store xmlns="urn:infinispan:config:store:remote:14.0"
                                  cache="loginFailures"
                                  raw-values="true"
                                  shared="true"
                                  segmented="false">
                        <remote-server host="${env.KC_REMOTE_STORE_HOST}"
                                       port="${env.KC_REMOTE_STORE_PORT}"/>
                        <connection-pool max-active="16"
                                         exhausted-action="CREATE_NEW"/>
                        <security>
                            <authentication server-name="infinispan">
                                <digest username="${env.KC_REMOTE_STORE_USERNAME}"
                                        password="${env.KC_REMOTE_STORE_PASSWORD}"
                                        realm="default"/>
                            </authentication>
                            <encryption protocol="TLSv1.3" sni-hostname="${env.KC_REMOTE_STORE_HOST}">
                                <truststore filename="/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
                                            type="pem"/>
                            </encryption>
                        </security>
                    </remote-store>
                </persistence>
            </distributed-cache>
            <local-cache name="authorization" simple-cache="true" statistics="true">
                <encoding>
                    <key media-type="application/x-java-object"/>
                    <value media-type="application/x-java-object"/>
                </encoding>
                <memory max-count="10000"/>
            </local-cache>
            <!--tag::keycloak-ispn-remotestore-work[] -->
            <replicated-cache name="work" statistics="true">
                <expiration lifespan="-1"/>
                <persistence passivation="false">
                    <remote-store xmlns="urn:infinispan:config:store:remote:14.0"
                                  cache="work"
                                  raw-values="true"
                                  shared="true"
                                  segmented="false">
                        <remote-server host="${env.KC_REMOTE_STORE_HOST}"
                                       port="${env.KC_REMOTE_STORE_PORT}"/>
                        <connection-pool max-active="16"
                                         exhausted-action="CREATE_NEW"/>
                        <security>
                            <authentication server-name="infinispan">
                                <digest username="${env.KC_REMOTE_STORE_USERNAME}"
                                        password="${env.KC_REMOTE_STORE_PASSWORD}"
                                        realm="default"/>
                            </authentication>
                            <encryption protocol="TLSv1.3" sni-hostname="${env.KC_REMOTE_STORE_HOST}">
                                <truststore filename="/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
                                            type="pem"/>
                            </encryption>
                        </security>
                    </remote-store>
                </persistence>
            </replicated-cache>
            <!--end::keycloak-ispn-remotestore-work[] -->
            <local-cache name="keys" simple-cache="true" statistics="true">
                <encoding>
                    <key media-type="application/x-java-object"/>
                    <value media-type="application/x-java-object"/>
                </encoding>
                <expiration max-idle="3600000"/>
                <memory max-count="1000"/>
            </local-cache>
            <distributed-cache name="actionTokens" owners="2" statistics="true">
                <encoding>
                    <key media-type="application/x-java-object"/>
                    <value media-type="application/x-java-object"/>
                </encoding>
                <expiration max-idle="-1" lifespan="-1" interval="300000"/>
                <memory max-count="-1"/>
                <persistence passivation="false">
                    <remote-store xmlns="urn:infinispan:config:store:remote:14.0"
                                  cache="actionTokens"
                                  raw-values="true"
                                  shared="true"
                                  segmented="false">
                        <remote-server host="${env.KC_REMOTE_STORE_HOST}"
                                       port="${env.KC_REMOTE_STORE_PORT}"/>
                        <connection-pool max-active="16"
                                         exhausted-action="CREATE_NEW"/>
                        <security>
                            <authentication server-name="infinispan">
                                <digest username="${env.KC_REMOTE_STORE_USERNAME}"
                                        password="${env.KC_REMOTE_STORE_PASSWORD}"
                                        realm="default"/>
                            </authentication>
                            <encryption protocol="TLSv1.3" sni-hostname="${env.KC_REMOTE_STORE_HOST}">
                                <truststore filename="/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
                                            type="pem"/>
                            </encryption>
                        </security>
                    </remote-store>
                </persistence>
            </distributed-cache>
        </cache-container>
    </infinispan>
---
# Source: keycloak/templates/keycloak-providers-configmap.yaml
apiVersion : v1
kind : ConfigMap
metadata :
name : keycloak-providers
namespace : keycloak
binaryData :
keycloak-benchmark-dataset-0.10-SNAPSHOT.jar : 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
---
# Source: keycloak/templates/postgres/postgres-exporter-configmap.yaml
# Custom query file for postgres_exporter. The exporter Deployment mounts this
# ConfigMap at /conf and points PG_EXPORTER_EXTEND_QUERY_PATH at the file.
# The single query counts ungranted locks per lock mode from pg_locks,
# excluding the exporter's own backend, and exposes the count as a gauge.
# The file content is the ConfigMap payload, so its own comments are data.
apiVersion: v1
kind: ConfigMap
metadata:
  name: postgres-exporter
  namespace: keycloak
data:
  pgexporter-queries.yaml: |
    # This is configuration file for postgres_exporter.
    # Add custom metrics via SQL statements here as described here: https://github.com/prometheus-community/postgres_exporter#adding-new-metrics-via-a-config-file
    # See https://github.com/prometheus-community/postgres_exporter/blob/master/queries.yaml for examples.
    pg_locks_waiting:
      # language=SQL
      query: |
        WITH q_locks AS (select * from pg_locks where granted = false and pid != pg_backend_pid())
        SELECT (select current_database()) as datname, lower(lockmodes) AS mode, coalesce((select count(*) FROM q_locks WHERE mode = lockmodes), 0) AS count FROM
        unnest('{AccessShareLock, ExclusiveLock, RowShareLock, RowExclusiveLock, ShareLock, ShareRowExclusiveLock, AccessExclusiveLock, ShareUpdateExclusiveLock}'::text[]) lockmodes;
      metrics:
        - datname:
            usage: "LABEL"
            description: "Database name"
        - mode:
            usage: "LABEL"
            description: "Lock type"
        - count:
            usage: "GAUGE"
            description: "Number of locks"
---
# Source: keycloak/templates/keycloak-jvmdebug-service.yaml
# Publishes port 8787 of the pods labelled app=keycloak on node port 30012.
# NOTE(review): a NodePort is reachable on every node address. If a JVM debug
# (JDWP) listener is enabled on 8787 it has no authentication of its own, so
# this Service belongs on an isolated development cluster only; elsewhere
# prefer ClusterIP with an on-demand port-forward.
apiVersion: v1
kind: Service
metadata:
  name: keycloak-jvmdebug
  namespace: keycloak
  labels:
    app: keycloak
spec:
  type: NodePort
  sessionAffinity: None
  selector:
    app: keycloak
  ports:
    - name: jvmdebug
      protocol: TCP
      port: 8787
      nodePort: 30012
---
# Source: keycloak/templates/postgres/postgres-exporter.yaml
# Cluster-internal Service in front of the postgres-exporter pods; the named
# port `metrics` is what the ServiceMonitor of the same name scrapes.
apiVersion: v1
kind: Service
metadata:
  name: postgres-exporter
  namespace: keycloak
  labels:
    app: postgres-exporter
spec:
  type: ClusterIP
  sessionAffinity: None
  selector:
    app: postgres-exporter
  ports:
    - name: metrics
      protocol: TCP
      port: 9187
      targetPort: 9187
---
# Source: keycloak/templates/postgres/postgres-nodeport.yaml
# Publishes the PostgreSQL port 5432 on node port 30009.
# NOTE(review): this makes the database reachable on every node address, and
# the database password is a fixed value present in this rendered output. Keep
# it to a local test cluster; otherwise restrict access with a NetworkPolicy or
# firewall, or drop the NodePort in favour of the ClusterIP Service.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: postgres
  name: postgres-nodeport
  namespace: keycloak
spec:
  selector:
    app: postgres
  type: NodePort
  ports:
    - port: 5432
      nodePort: 30009
      protocol: TCP
---
# Source: keycloak/templates/postgres/postgres-service.yaml
# Cluster-internal Service name `postgres` that Keycloak, the exporter and
# SQLPad use as the database host.
apiVersion: v1
kind: Service
metadata:
  name: postgres
  namespace: keycloak
  labels:
    app: postgres
spec:
  type: ClusterIP
  sessionAffinity: None
  selector:
    app: postgres
  ports:
    - protocol: TCP
      port: 5432
      targetPort: 5432
---
# Source: keycloak/templates/sqlpad.yaml
# Cluster-internal Service for the SQLPad web UI on port 3000; external access
# goes through the Ingress of the same name.
apiVersion: v1
kind: Service
metadata:
  name: sqlpad
  namespace: keycloak
  labels:
    app: sqlpad
spec:
  type: ClusterIP
  sessionAffinity: None
  selector:
    app: sqlpad
  ports:
    - protocol: TCP
      port: 3000
      targetPort: 3000
---
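# Source: keycloak/templates/postgres/postgres-deployment.yaml
# Single-replica PostgreSQL that backs Keycloak. No volume is mounted, so the
# data lives only as long as the pod.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: postgres
  name: postgres
  namespace: keycloak
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: postgres
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: postgres
    spec:
      containers:
        - imagePullPolicy: Always
          env:
            # User and password come from keycloak-db-secret, the same Secret the
            # Keycloak resource reads, so the login is defined in one place and
            # is not written into the pod spec in clear text.
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-secret
                  key: password
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-secret
                  key: username
            - name: POSTGRES_DB
              value: keycloak
          # NOTE(review): a tag can be re-pointed upstream; pin the image by digest
          # where reproducible deployments matter.
          image: postgres:13.2
          args:
            # default of max_prepared_transactions is 0, and this setting should match the number of active connections
            # so that running Quarkus with JTA and more than one data store can prepare transactions.
            - -c
            - max_prepared_transactions=100
          resources:
            requests:
              cpu: "0"
          startupProbe:
            tcpSocket:
              port: 5432
            failureThreshold: 20
            initialDelaySeconds: 10
            periodSeconds: 2
          readinessProbe:
            tcpSocket:
              port: 5432
            failureThreshold: 10
            periodSeconds: 10
          livenessProbe:
            tcpSocket:
              port: 5432
            failureThreshold: 10
            periodSeconds: 10
          name: postgres
          ports:
            - containerPort: 5432
              protocol: TCP
      restartPolicy: Always
      # The rhel9/postgresql-13 is known to take ~30 seconds to shut down
      # As this is a deployment with ephemeral storage, there is no need to wait as the data will be gone anyway
      terminationGracePeriodSeconds: 0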
---
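# Source: keycloak/templates/postgres/postgres-exporter.yaml
# Prometheus exporter for the postgres Deployment; serves /metrics on 9187 and
# loads extra queries from the postgres-exporter ConfigMap mounted at /conf.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: postgres-exporter
  name: postgres-exporter
  namespace: keycloak
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: postgres-exporter
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: postgres-exporter
      annotations:
        checksum: ea6be7f450cc15ae55e469caf5a789a1cfd67ff8612d737ec5d85c83d528ee52
    spec:
      containers:
        - env:
            # The connection string is split so that the password is no longer
            # embedded in a plain env value: the exporter combines
            # DATA_SOURCE_URI with DATA_SOURCE_USER and DATA_SOURCE_PASS when
            # DATA_SOURCE_NAME is not set.
            # NOTE(review): sslmode=disable leaves the database connection
            # unencrypted inside the cluster; the postgres Deployment shown in
            # this output configures no server certificate, so it is kept as is.
            - name: DATA_SOURCE_URI
              value: 'postgres:5432/keycloak?sslmode=disable'
            - name: DATA_SOURCE_USER
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-secret
                  key: username
            - name: DATA_SOURCE_PASS
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-secret
                  key: password
            - name: PG_EXPORTER_EXTEND_QUERY_PATH
              value: /conf/pgexporter-queries.yaml
          image: quay.io/prometheuscommunity/postgres-exporter:v0.10.1
          imagePullPolicy: Always
          startupProbe:
            httpGet:
              path: /metrics
              port: 9187
            failureThreshold: 20
            initialDelaySeconds: 10
            periodSeconds: 2
          readinessProbe:
            httpGet:
              path: /metrics
              port: 9187
            failureThreshold: 10
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /metrics
              port: 9187
            failureThreshold: 10
            periodSeconds: 10
          name: postgres-exporter
          ports:
            - containerPort: 9187
              name: metrics
              protocol: TCP
          volumeMounts:
            - mountPath: /conf
              name: config
      restartPolicy: Always
      volumes:
        - name: config
          configMap:
            name: postgres-exporter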
---
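# Source: keycloak/templates/sqlpad.yaml
# SQLPad web UI with one preconfigured connection (`pgdemo`) to the Keycloak
# PostgreSQL database.
# NOTE(review): the SQLPad administrator is the fixed pair admin/admin and the
# UI can run arbitrary SQL (multi-statement transactions enabled) against the
# Keycloak database. Deploy it on a throwaway local cluster only, or change the
# admin credentials and restrict who can reach the Ingress.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: sqlpad
  name: sqlpad
  namespace: keycloak
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: sqlpad
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: sqlpad
    spec:
      containers:
        - env:
            - name: SQLPAD_ADMIN
              value: 'admin'
            - name: SQLPAD_ADMIN_PASSWORD
              value: 'admin'
            - name: SQLPAD_PORT
              value: '3000'
            - name: SQLPAD_APP_LOG_LEVEL
              value: debug
            - name: SQLPAD_WEB_LOG_LEVEL
              value: warn
            - name: SQLPAD_SEED_DATA_PATH
              value: /etc/sqlpad/seed-data
            - name: SQLPAD_CONNECTIONS__pgdemo__name
              value: PostgresSQL Keycloak
            - name: SQLPAD_CONNECTIONS__pgdemo__port
              value: '5432'
            - name: SQLPAD_CONNECTIONS__pgdemo__host
              value: postgres
            # Database login is read from keycloak-db-secret. The literal
            # password `pass` used here before did not match the password the
            # postgres Deployment is started with, so the two are now tied to
            # the same Secret.
            - name: SQLPAD_CONNECTIONS__pgdemo__username
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-secret
                  key: username
            - name: SQLPAD_CONNECTIONS__pgdemo__password
              valueFrom:
                secretKeyRef:
                  name: keycloak-db-secret
                  key: password
            - name: SQLPAD_CONNECTIONS__pgdemo__database
              value: keycloak
            - name: SQLPAD_CONNECTIONS__pgdemo__driver
              value: postgres
            - name: SQLPAD_CONNECTIONS__pgdemo__multiStatementTransactionEnabled
              value: 'true'
            - name: SQLPAD_CONNECTIONS__pgdemo__idleTimeoutSeconds
              value: '86400'
            - name: SQLPAD_QUERY_RESULT_MAX_ROWS
              value: '100000'
          image: sqlpad/sqlpad:6.11.0
          imagePullPolicy: Always
          startupProbe:
            httpGet:
              path: /
              port: 3000
            failureThreshold: 20
            initialDelaySeconds: 10
            periodSeconds: 2
          readinessProbe:
            httpGet:
              path: /
              port: 3000
            failureThreshold: 10
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /
              port: 3000
            failureThreshold: 10
            periodSeconds: 10
          name: sqlpad
          ports:
            - containerPort: 3000
              protocol: TCP
      restartPolicy: Always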
---
# Source: keycloak/templates/sqlpad.yaml
# Routes sqlpad.minikube.nip.io, and any request that matches no rule, to the
# sqlpad Service on port 3000.
# NOTE(review): there is no `tls` section, so the SQLPad login and query
# results travel over plain HTTP. The defaultBackend also answers for host
# names other than the one listed. Both are tolerable on a local minikube
# only; add TLS and drop the defaultBackend before exposing this more widely.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sqlpad
  namespace: keycloak
  labels:
    app: sqlpad
spec:
  rules:
    - host: sqlpad.minikube.nip.io
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: sqlpad
                port:
                  number: 3000
  defaultBackend:
    service:
      name: sqlpad
      port:
        number: 3000
---
# Source: keycloak/templates/keycloak.yaml
# Keycloak operator resource: one instance, PostgreSQL database, caches backed
# by an external Infinispan remote store, TLS served from keycloak-tls-secret.
# Credentials are referenced, not inlined: the database login comes from
# keycloak-db-secret, the remote-store login from remote-store-secret and the
# bootstrap admin from keycloak-preconfigured-admin.
# NOTE(review): everything under spec.unsupported.podTemplate bypasses the
# operator's supported options, as the field name says; re-check it when the
# operator is upgraded.
# There are several callouts in this YAML marked with `# <1>' etc. See 'running/keycloak-deployment.adoc` for the details.
# tag::keycloak[]
# tag::keycloak-ispn[]
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
  labels:
    app: keycloak
  name: keycloak
  namespace: keycloak
spec:
  # end::keycloak-ispn[]
  hostname:
    hostname: keycloak-keycloak.minikube.nip.io
  db:
    vendor: postgres
    url: jdbc:postgresql://postgres:5432/keycloak
    poolMinSize: 15 # <1>
    poolInitialSize: 15
    poolMaxSize: 15
    usernameSecret:
      name: keycloak-db-secret
      key: username
    passwordSecret:
      name: keycloak-db-secret
      key: password
  features:
    enabled:
      - multi-site # <2>
  # tag::keycloak-ispn[]
  cache:
    configMapFile:
      name: kcb-infinispan-cache-config # <1>
      key: kcb-infinispan-cache-remote-store-config.xml # <1>
  # end::keycloak-ispn[]
  # tag::keycloak-ispn[]
  additionalOptions:
    # end::keycloak-ispn[]
    # tag::keycloak-queue-size[]
    - name: http-max-queued-requests
      value: "1000"
    # end::keycloak-queue-size[]
    - name: log-console-output
      value: json
    - name: metrics-enabled # <3>
      value: 'true'
    # tag::keycloak-ispn[]
    - name: remote-store-host # <2>
      value: "infinispan.keycloak.svc"
    - name: remote-store-port # <2>
      value: "11222"
    - name: remote-store-username # <3>
      secret:
        name: remote-store-secret
        key: username
    - name: remote-store-password # <3>
      secret:
        name: remote-store-secret
        key: password
    - name: spi-connections-infinispan-quarkus-site-name # <4>
      value: keycloak
    # end::keycloak-ispn[]
  http:
    tlsSecret: keycloak-tls-secret
  instances: 1
  unsupported:
    podTemplate:
      # end::keycloak[]
      metadata:
        annotations:
          checksum/config: 4ea7d5f76d813828d0306098e48de65564756d4629233b2f7125709bcac6b4dc-4832924b47210161956e3b1718daf07ff52d801545186a76c391485eaf1897d3--56f92cd9012613402e2a7a61aded0f218d077b8c6345b22922ca7bf1a5c64984-v1.27.0
      # tag::keycloak[]
      spec:
        containers:
          - env:
              - name: 'QUARKUS_THREAD_POOL_MAX_THREADS' # <4>
                value: "200"
              # end::keycloak[]
              # We want to have an externally provided username and password, therefore, we override those two environment variables
              - name: KEYCLOAK_ADMIN
                valueFrom:
                  secretKeyRef:
                    name: keycloak-preconfigured-admin
                    key: username
                    optional: false
              - name: KEYCLOAK_ADMIN_PASSWORD
                valueFrom:
                  secretKeyRef:
                    name: keycloak-preconfigured-admin
                    key: password
                    optional: false
              # tag::keycloak[]
              - name: JAVA_OPTS_APPEND # <5>
                value: ""
            # end::keycloak[]
            ports:
            # tag::keycloak[]
            resources:
              requests:
                memory: "1024M"
              limits:
                memory: "1024M"
            # end::keycloak[]
            # readinessProbe:
            #   exec:
            #     command:
            #       - 'true'
            # livenessProbe:
            #   exec:
            #     command:
            #       - 'true'
            volumeMounts:
              - name: keycloak-providers
                mountPath: /opt/keycloak/providers
                readOnly: true
        volumes:
          - name: keycloak-providers
            configMap:
              name: keycloak-providers
---
# Source: keycloak/templates/keycloak-monitor.yaml
# Tells the Prometheus operator to scrape pods labelled app=keycloak over
# HTTPS on port 8443.
# NOTE(review): insecureSkipVerify disables certificate validation for the
# scrape, so Prometheus cannot tell the real pod from anything answering on
# that address. Where the issuing CA is available, supply it through
# tlsConfig.ca together with a matching serverName instead.
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  namespace: keycloak
  name: keycloak-metrics
spec:
  podMetricsEndpoints:
    # todo: targetPort is deprecated, ask the operator to specify a name instead
    - scheme: https
      targetPort: 8443
      tlsConfig:
        insecureSkipVerify: true
  selector:
    matchLabels:
      app: keycloak
---
# Source: keycloak/templates/postgres/postgres-exporter.yaml
# Tells the Prometheus operator to scrape the named port `metrics` of Services
# labelled app=postgres-exporter.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: postgres-exporter
  namespace: keycloak
  labels:
    app: postgres-exporter
spec:
  jobLabel: jobLabel
  selector:
    matchLabels:
      app: postgres-exporter
  endpoints:
    - port: metrics