authorChristian Pointner <equinox@spreadspace.org>2020-11-26 20:10:56 +0100
committerChristian Pointner <equinox@spreadspace.org>2020-11-26 20:10:56 +0100
commitd4058a775c42277a6e9bc3d58d9a8bbfccc99bea (patch)
tree3742953f01ccef9d8d771f52c3bcb7741985c5bc /roles/apps/keycloak/templates/pod-spec-with-mariadb.yml.j2
parentsk-cloudio: update jitsi meet to stable-5142 (diff)
add role for app keycloak
Diffstat (limited to 'roles/apps/keycloak/templates/pod-spec-with-mariadb.yml.j2')
-rw-r--r--roles/apps/keycloak/templates/pod-spec-with-mariadb.yml.j259
1 files changed, 59 insertions, 0 deletions
diff --git a/roles/apps/keycloak/templates/pod-spec-with-mariadb.yml.j2 b/roles/apps/keycloak/templates/pod-spec-with-mariadb.yml.j2
new file mode 100644
index 00000000..dd63d3a0
--- /dev/null
+++ b/roles/apps/keycloak/templates/pod-spec-with-mariadb.yml.j2
@@ -0,0 +1,59 @@
+securityContext:
+ allowPrivilegeEscalation: false
+containers:
+- name: keycloak
+ image: "quay.io/keycloak/keycloak:{{ item.value.version }}"
+ # securityContext:
+ # runAsUser: {{ keycloak_app_uid }}
+ # runAsGroup: {{ keycloak_app_gid }}
+ resources:
+ limits:
+ memory: "1Gi"
+ env:
+ - name: DB_VENDOR
+ value: mariadb
+ - name: DB_ADDR
+ value: 127.0.0.1
+ - name: DB_DATABASE
+ value: keycloak
+ - name: DB_USER
+ value: keycloak
+ - name: DB_PASSWORD
+ value: "{{ item.value.database.password }}"
+ - name: KEYCLOAK_USER
+ value: "{{ item.value.admin.username }}"
+ - name: KEYCLOAK_PASSWORD
+ value: "{{ item.value.admin.password }}"
+ - name: KEYCLOAK_FRONTEND_URL
+ value: "https://{{ item.value.hostname }}"
+ ports:
+ - containerPort: 8080
+ hostPort: {{ item.value.port }}
+ hostIP: 127.0.0.1
+- name: database
+ image: "mariadb:{{ item.value.database.version }}"
+ securityContext:
+ runAsUser: {{ keycloak_db_uid }}
+ runAsGroup: {{ keycloak_db_gid }}
+ resources:
+ limits:
+ memory: "512Mi"
+{% if 'new' in item.value and item.value.new %}
+ env:
+ - name: MYSQL_RANDOM_ROOT_PASSWORD
+ value: "true"
+ - name: MYSQL_DATABASE
+ value: keycloak
+ - name: MYSQL_USER
+ value: keycloak
+ - name: MYSQL_PASSWORD
+ value: "{{ item.value.database.password }}"
+{% endif %}
+ volumeMounts:
+ - name: database
+ mountPath: /var/lib/mysql
+volumes:
+- name: database
+ hostPath:
+ path: "{{ keycloak_base_path }}/{{ item.key }}/{{ item.value.database.type }}"
+ type: Directory
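Review bot: The `allowPrivilegeEscalation: false` in the opening `securityContext:` block sits beside `containers:`, i.e. at pod level, but Kubernetes defines that field only on the per-container securityContext. Depending on how the rendered spec is validated it is likely either rejected or silently dropped, so neither container gets the restriction. Set it per container instead: a `securityContext:` with `allowPrivilegeEscalation: false` under `keycloak`, and one extra `allowPrivilegeEscalation: false` line in the existing `database` block. The keycloak container's `runAsUser`/`runAsGroup` are commented out, so it runs as whatever user the image defaults to. Jinja still evaluates `{{ keycloak_app_uid }}` and `{{ keycloak_app_gid }}` inside those YAML comments, so both variables must be defined even while the block is disabled; a Jinja comment (`{# ... #}`) would avoid that.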