# StatefulSet for the Keycloak identity provider, as returned by the API server:
# creationTimestamp, generation, resourceVersion, uid and the trailing status
# stanza are server-populated fields rather than authored configuration.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  annotations:
    # Ownership markers for Helm release "keycloak" in namespace "auth-system".
    # NOTE(review): edits made directly to this object are presumably reverted
    # by the next release upgrade; make hardening changes through chart values.
    meta.helm.sh/release-name: keycloak
    meta.helm.sh/release-namespace: auth-system
  creationTimestamp: "2026-03-31T05:02:49Z"
  generation: 1
  labels:
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/instance: keycloak
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: keycloak
    # Chart version only; the container image and its version are set in the
    # pod template below.
    helm.sh/chart: keycloak-16.0.3
  name: keycloak
  namespace: auth-system
  # Server-side bookkeeping; strip resourceVersion and uid before re-applying
  # this manifest anywhere.
  resourceVersion: "2857"
  uid: b9296278-fc6b-4de6-a3d0-cb1306adb031
spec:
  # PVCs are kept on delete and on scale-down. No volumeClaimTemplates appear
  # in this spec, so there are no StatefulSet-created claims for it to act on.
  persistentVolumeClaimRetentionPolicy:
    whenDeleted: Retain
    whenScaled: Retain
  # Pods are created and deleted without waiting for ordinal order.
  podManagementPolicy: Parallel
  # Single replica: every restart of this pod is an outage of the identity
  # provider for whatever authenticates against it.
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/component: keycloak
      app.kubernetes.io/instance: keycloak
      app.kubernetes.io/name: keycloak
  # Governing headless Service that gives each pod a stable DNS name.
  serviceName: keycloak-headless
  template:
    metadata:
      annotations:
        # Content hashes written by the chart. Presumably a changed ConfigMap
        # or Secret alters these values and so triggers a rollout - TODO confirm
        # against the chart templates.
        checksum/configmap-env-vars: 800dc6cfe78d4b189b1518f19a6a3330bab50aed11868859983276176aa19518
        checksum/secrets: 7ace7c7fc4dbd2bfc9bce95ffc72fe095cd000db4f018caa617d4828c204aced
      creationTimestamp: null
      labels:
        app.kubernetes.io/component: keycloak
        app.kubernetes.io/instance: keycloak
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/name: keycloak
        helm.sh/chart: keycloak-16.0.3
    spec:
      affinity:
        # Soft preference (weight 1) to spread Keycloak pods across hostnames;
        # the scheduler may still co-locate them. It has no effect while
        # replicas is 1.
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchLabels:
                  app.kubernetes.io/instance: keycloak
                  app.kubernetes.io/name: keycloak
              topologyKey: kubernetes.io/hostname
            weight: 1
      # Single Keycloak server container. Security-relevant settings are
      # annotated inline; none of the values themselves are changed here.
      containers:
      - command:
        - /opt/keycloak/bin/kc.sh
        - --verbose
        - start
        - --auto-build
        # Health and metrics endpoints are switched on (see --metrics-enabled
        # below). NOTE(review): in this Keycloak release they appear to be
        # served on the main HTTP listener, so confirm that the ingress does
        # not publish /health and /metrics externally.
        - --health-enabled=true
        # Plain HTTP listener on 8080; TLS is not terminated in this pod.
        # Together with KC_PROXY=edge below, this relies on a reverse proxy in
        # front of Keycloak to provide HTTPS.
        - --http-enabled=true
        - --http-port=8080
        # With strict hostname checking off, Keycloak resolves its public
        # hostname from request headers. Keycloak's documentation recommends
        # this only when the fronting proxy validates or overwrites the Host
        # header; otherwise set a fixed hostname.
        - --hostname-strict=false
        # Successful login events are logged at info and failed ones at warn.
        # Shipping these logs gives an audit trail for authentication activity.
        - --spi-events-listener-jboss-logging-success-level=info
        - --spi-events-listener-jboss-logging-error-level=warn
        - --transaction-xa-enabled=false
        - --metrics-enabled=true
        env:
        - name: KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        # NOTE(review): the image below is the upstream quay.io build, not the
        # Bitnami one. The Bitnami-style variables (BITNAMI_DEBUG,
        # KEYCLOAK_DATABASE_PASSWORD, KEYCLOAK_HTTP_RELATIVE_PATH) are
        # presumably ignored by it - confirm and drop them if unused.
        - name: BITNAMI_DEBUG
          value: "false"
        # Admin and database credentials are referenced from Secrets rather
        # than inlined. As environment variables they remain readable to
        # anyone who can exec into the pod, so keep pods/exec RBAC narrow.
        - name: KEYCLOAK_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              key: admin-password
              name: keycloak
        - name: KEYCLOAK_DATABASE_PASSWORD
          valueFrom:
            secretKeyRef:
              key: db-password
              name: keycloak-externaldb
        - name: KEYCLOAK_HTTP_RELATIVE_PATH
          value: /
        # "edge" mode: HTTP between proxy and Keycloak, with the proxy's
        # forwarded headers honoured. A client that reaches port 8080 directly
        # can supply those headers itself, so limit ingress to the proxy
        # (for example with a NetworkPolicy).
        - name: KC_PROXY
          value: edge
        - name: KC_DB
          value: mysql
        # The database lives in another namespace ("openstack"). The JDBC URL
        # carries no TLS parameters, so whether this connection is encrypted
        # depends on driver and server defaults - TODO confirm.
        - name: KC_DB_URL
          value: jdbc:mysql://percona-xtradb-haproxy.openstack:3306/keycloak
        - name: KC_DB_USERNAME
          value: keycloak
        - name: KC_DB_PASSWORD
          valueFrom:
            secretKeyRef:
              key: db-password
              name: keycloak-externaldb
        # Further settings are injected from this ConfigMap and are not visible
        # in this manifest; review it alongside the flags above.
        envFrom:
        - configMapRef:
            name: keycloak-env-vars
        # Referenced by mutable tag through a registry mirror. With
        # IfNotPresent a node keeps whatever it first pulled for that tag.
        # Pinning by digest (image@sha256:<digest>) makes the deployed
        # artifact verifiable.
        image: harbor.atmosphere.dev/quay.io/keycloak/keycloak:22.0.1-0
        imagePullPolicy: IfNotPresent
        # Probed every second against "/" and restarted after 3 consecutive
        # failures, i.e. after roughly 3 s of unresponsiveness. Under heavy
        # login load that can turn a slowdown into a restart loop. Note that
        # periodSeconds (1) is shorter than timeoutSeconds (5).
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /
            port: http
            scheme: HTTP
          initialDelaySeconds: 300
          periodSeconds: 1
          successThreshold: 1
          timeoutSeconds: 5
        name: keycloak
        ports:
        - containerPort: 8080
          name: http
          protocol: TCP
        # Cache-cluster port. NOTE(review): presumably only peer Keycloak pods
        # need to reach it; confirm that network policy restricts it.
        - containerPort: 7800
          name: infinispan
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /realms/master
            port: http
            scheme: HTTP
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        # No requests or limits: the pod runs as BestEffort, is first in line
        # for eviction under node pressure, and has no CPU or memory ceiling.
        resources: {}
        # Non-root UID is enforced. allowPrivilegeEscalation, capabilities,
        # readOnlyRootFilesystem and seccompProfile are not set, so runtime
        # defaults apply. The "restricted" Pod Security Standard additionally
        # expects allowPrivilegeEscalation: false, capabilities.drop: [ALL]
        # and seccompProfile.type: RuntimeDefault.
        securityContext:
          runAsNonRoot: true
          runAsUser: 1001
        # Allows up to 120 x 5 s of failed probes before the container is
        # considered failed to start.
        startupProbe:
          failureThreshold: 120
          httpGet:
            path: /
            port: http
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 5
          successThreshold: 1
          timeoutSeconds: 1
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      # Pod-level settings, followed by the StatefulSet's update strategy.
      dnsPolicy: ClusterFirst
      # Injects environment variables describing every Service in the
      # namespace into the container. Set this to false if Keycloak does not
      # use them, to shrink the environment exposed to the process.
      enableServiceLinks: true
      # Pins the identity provider onto nodes labelled as OpenStack control
      # plane, so it shares hosts (and, with no resource limits set on the
      # container, node capacity) with those services.
      nodeSelector:
        openstack-control-plane: enabled
      restartPolicy: Always
      schedulerName: default-scheduler
      # Mounted volumes are group-owned by GID 1001, matching runAsUser.
      securityContext:
        fsGroup: 1001
      # Dedicated service account. automountServiceAccountToken is not set
      # here, so unless the ServiceAccount object disables it, an API token is
      # mounted into the pod. NOTE(review): verify that the RBAC bound to
      # "keycloak" is minimal. serviceAccount is the deprecated alias of
      # serviceAccountName.
      serviceAccount: keycloak
      serviceAccountName: keycloak
      terminationGracePeriodSeconds: 30
  # partition 0: a template change rolls out to all ordinals.
  updateStrategy:
    rollingUpdate:
      partition: 0
    type: RollingUpdate
# Controller-reported state at capture time; it is not configuration and
# should be removed before this manifest is re-applied or templated.
status:
  availableReplicas: 1
  collisionCount: 0
  currentReplicas: 1
  # currentRevision equals updateRevision, so no rollout was in progress.
  currentRevision: keycloak-6b984ffd66
  # Matches metadata.generation (1): the controller has seen the latest spec.
  observedGeneration: 1
  readyReplicas: 1
  replicas: 1
  updateRevision: keycloak-6b984ffd66
  updatedReplicas: 1
