apiVersion: v1 kind: Pod metadata: annotations: checksum/configmap-env-vars: 5725d51a3ce4dc8f1207b43b33d37b63e19b8ce676cf98cc2e21826fc8ec8494 checksum/secrets: 830258207d81ff9db735e1e3c9485906271c0edf25b63a02605dac9ae09c232c creationTimestamp: "2026-05-14T11:21:01Z" generateName: keycloak- labels: app.kubernetes.io/component: keycloak app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak app.kubernetes.io/version: 24.0.5 apps.kubernetes.io/pod-index: "0" controller-revision-hash: keycloak-757589d489 helm.sh/chart: keycloak-21.4.1 statefulset.kubernetes.io/pod-name: keycloak-0 name: keycloak-0 namespace: auth-system ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: StatefulSet name: keycloak uid: b1a5c5ed-68d1-4635-a86e-b5c6703b10d3 resourceVersion: "3486" uid: 190ef636-8c0a-474f-af6f-6f06cf2b1e6d spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/instance: keycloak app.kubernetes.io/name: keycloak topologyKey: kubernetes.io/hostname weight: 1 automountServiceAccountToken: true containers: - command: - /opt/keycloak/bin/kc.sh - --verbose - start - --health-enabled=true - --http-enabled=true - --http-port=8080 - --hostname-strict=false - --spi-events-listener-jboss-logging-success-level=info - --spi-events-listener-jboss-logging-error-level=warn - --transaction-xa-enabled=false - --metrics-enabled=true env: - name: KUBERNETES_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: BITNAMI_DEBUG value: "false" - name: KEYCLOAK_ADMIN_PASSWORD valueFrom: secretKeyRef: key: admin-password name: keycloak - name: KEYCLOAK_DATABASE_PASSWORD valueFrom: secretKeyRef: key: db-password name: keycloak-externaldb - name: KEYCLOAK_HTTP_RELATIVE_PATH value: / - name: KC_FEATURES value: token-exchange,admin-fine-grained-authz - name: KC_PROXY value: edge - name: KC_DB value: mysql - name: KC_DB_URL value: jdbc:mysql://percona-xtradb-haproxy.openstack:3306/keycloak - name: KC_DB_USERNAME value: keycloak - name: KC_DB_PASSWORD valueFrom: secretKeyRef: key: db-password name: keycloak-externaldb envFrom: - configMapRef: name: keycloak-env-vars image: harbor.atmosphere.dev/quay.io/keycloak/keycloak:24.0.5-0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 initialDelaySeconds: 300 periodSeconds: 1 successThreshold: 1 tcpSocket: port: http timeoutSeconds: 5 name: keycloak ports: - containerPort: 8080 name: http protocol: TCP - containerPort: 7800 name: discovery protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /realms/master port: http scheme: HTTP initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: limits: cpu: 750m ephemeral-storage: 1Gi memory: 768Mi requests: cpu: 500m ephemeral-storage: 50Mi memory: 512Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false readOnlyRootFilesystem: false runAsGroup: 1001 runAsNonRoot: true runAsUser: 1000 seLinuxOptions: {} seccompProfile: type: RuntimeDefault startupProbe: failureThreshold: 120 httpGet: path: / port: http scheme: HTTP initialDelaySeconds: 5 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /tmp name: empty-dir subPath: tmp-dir - mountPath: /opt/bitnami/keycloak/conf name: empty-dir subPath: app-conf-dir - mountPath: /opt/bitnami/keycloak/lib/quarkus name: empty-dir subPath: app-quarkus-dir - mountPath: /opt/bitnami/keycloak/data name: empty-dir subPath: app-data-dir - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-r6gww readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostname: keycloak-0 nodeName: instance nodeSelector: openstack-control-plane: enabled preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1001 fsGroupChangePolicy: Always serviceAccount: keycloak serviceAccountName: keycloak subdomain: keycloak-headless terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 volumes: - emptyDir: {} name: empty-dir - name: kube-api-access-r6gww projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace status: conditions: - lastProbeTime: null lastTransitionTime: "2026-05-14T11:21:01Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-05-14T11:23:23Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-05-14T11:23:23Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-05-14T11:21:01Z" status: "True" type: PodScheduled containerStatuses: - containerID: containerd://4e8fa699bbb56bbbe08b1f2e719f3a55c788265203a664aa1decfb2269ce155c image: harbor.atmosphere.dev/quay.io/keycloak/keycloak:24.0.5-0 imageID: harbor.atmosphere.dev/quay.io/keycloak/keycloak@sha256:c916c668a5cd589948c3310ab31ffcfc5da55f0e546028f2f606419ce17c6ad8 lastState: {} name: keycloak ready: true restartCount: 0 started: true state: running: startedAt: "2026-05-14T11:21:08Z" hostIP: 199.204.45.156 phase: Running podIP: 10.0.0.197 podIPs: - ip: 10.0.0.197 qosClass: Burstable startTime: "2026-05-14T11:21:01Z"