securityContext:
  allowPrivilegeEscalation: false
containers:
- name: keycloak
  image: "quay.io/keycloak/keycloak:{{ item.value.version }}"
  # securityContext:
  #   runAsUser: {{ keycloak_app_uid }}
  #   runAsGroup: {{ keycloak_app_gid }}
  resources:
    limits:
      memory: "1Gi"
  env:
  - name: DB_VENDOR
    value: mariadb
  - name: DB_ADDR
    value: 127.0.0.1
  - name: DB_DATABASE
    value: keycloak
  - name: DB_USER
    value: keycloak
  - name: DB_PASSWORD
    value: "{{ item.value.database.password }}"
  - name: KEYCLOAK_USER
    value: "{{ item.value.admin.username }}"
  - name: KEYCLOAK_PASSWORD
    value: "{{ item.value.admin.password }}"
  - name: KEYCLOAK_FRONTEND_URL
    value: "https://{{ item.value.hostname }}"
  ports:
  - containerPort: 8080
    hostPort: {{ item.value.port }}
    hostIP: 127.0.0.1
- name: database
  image: "mariadb:{{ item.value.database.version }}"
  securityContext:
    runAsUser: {{ keycloak_db_uid }}
    runAsGroup: {{ keycloak_db_gid }}
  resources:
    limits:
      memory: "512Mi"
{% if 'new' in item.value and item.value.new %}
  env:
  - name: MYSQL_RANDOM_ROOT_PASSWORD
    value: "true"
  - name: MYSQL_DATABASE
    value: keycloak
  - name: MYSQL_USER
    value: keycloak
  - name: MYSQL_PASSWORD
    value: "{{ item.value.database.password }}"
{% endif %}
  volumeMounts:
  - name: database
    mountPath: /var/lib/mysql
volumes:
- name: database
  hostPath:
    path: "{{ keycloak_base_path }}/{{ item.key }}/{{ item.value.database.type }}"
    type: Directory