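# Fragment of a templated pod spec: a Keycloak container plus a MariaDB
# container that share the pod's network namespace and one hostPath volume.
# Jinja expands `{{ ... }}` before the YAML is parsed, including inside YAML
# comments, so every variable named below must be defined at render time.
#
# NOTE(review): the parent of this securityContext is outside the visible
# fragment. If it is the pod-level securityContext, allowPrivilegeEscalation
# is not one of its fields in the Kubernetes API (it is a per-container
# setting) and is probably ignored there. It is therefore also set on each
# container below, where it takes effect.
securityContext:
  allowPrivilegeEscalation: false
containers:
  - name: keycloak
    # NOTE(review): the tag is mutable; pin by digest if reproducible,
    # tamper-evident deployments are required.
    image: "quay.io/keycloak/keycloak:{{ item.value.version }}"
    securityContext:
      # Block setuid/file-capability based privilege gain inside the container.
      allowPrivilegeEscalation: false
      # runAsUser/runAsGroup are disabled, so the container runs as whatever
      # user the image defines.
      # runAsUser: {{ keycloak_app_uid }}
      # runAsGroup: {{ keycloak_app_gid }}
    resources:
      limits:
        memory: "1Gi"
    env:
      - name: DB_VENDOR
        value: mariadb
      # Loopback works because both containers are in the same pod.
      - name: DB_ADDR
        value: 127.0.0.1
      - name: DB_DATABASE
        value: keycloak
      - name: DB_USER
        value: keycloak
      # NOTE(review): the three credentials below are rendered in clear text
      # into the manifest and are visible in the container environment.
      # Restrict the rendered file's mode/owner, and prefer a Secret reference
      # (valueFrom.secretKeyRef) if the consumer of this manifest supports it.
      # A value containing `"` or `\` would also break the quoted scalar;
      # confirm how the values are generated.
      - name: DB_PASSWORD
        value: "{{ item.value.database.password }}"
      - name: KEYCLOAK_USER
        value: "{{ item.value.admin.username }}"
      - name: KEYCLOAK_PASSWORD
        value: "{{ item.value.admin.password }}"
      - name: KEYCLOAK_FRONTEND_URL
        value: "https://{{ item.value.hostname }}"
    ports:
      # Plain-HTTP port published on loopback only; presumably a
      # TLS-terminating proxy on the host fronts it (frontend URL is https).
      - containerPort: 8080
        hostPort: {{ item.value.port }}
        hostIP: 127.0.0.1
  - name: database
    image: "mariadb:{{ item.value.database.version }}"
    securityContext:
      allowPrivilegeEscalation: false
      runAsUser: {{ keycloak_db_uid }}
      runAsGroup: {{ keycloak_db_gid }}
    resources:
      limits:
        memory: "512Mi"
{% if 'new' in item.value and item.value.new %}
    # Rendered only when item.value.new is truthy; presumably these are the
    # first-run initialisation settings for an empty data directory.
    env:
      - name: MYSQL_RANDOM_ROOT_PASSWORD
        value: "true"
      - name: MYSQL_DATABASE
        value: keycloak
      - name: MYSQL_USER
        value: keycloak
      - name: MYSQL_PASSWORD
        value: "{{ item.value.database.password }}"
{% endif %}
    volumeMounts:
      - name: database
        mountPath: /var/lib/mysql
volumes:
  - name: database
    hostPath:
      # type: Directory requires the path to exist already on the host; it
      # should be owned by the database UID/GID and not be world-readable.
      path: "{{ keycloak_base_path }}/{{ item.key }}/{{ item.value.database.type }}"
      type: Directory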