apiVersion: v1 kind: Pod metadata: annotations: checksum/configmap-env-vars: 5725d51a3ce4dc8f1207b43b33d37b63e19b8ce676cf98cc2e21826fc8ec8494 checksum/secrets: 1d566ff906b4c0acf4e56348fa8ef4edeaa80d6686660442a539979a4d616122 creationTimestamp: "2026-04-19T13:26:13Z" generateName: keycloak- labels: app.kubernetes.io/component: keycloak app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak app.kubernetes.io/version: 24.0.5 apps.kubernetes.io/pod-index: "0" controller-revision-hash: keycloak-646d6cbc57 helm.sh/chart: keycloak-21.4.1 statefulset.kubernetes.io/pod-name: keycloak-0 name: keycloak-0 namespace: auth-system ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: StatefulSet name: keycloak uid: 323b8f85-c5ea-4927-9584-757878df16ed resourceVersion: "3280" uid: 21146267-f494-4f00-aeef-648bbe74031a spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/instance: keycloak app.kubernetes.io/name: keycloak topologyKey: kubernetes.io/hostname weight: 1 automountServiceAccountToken: true containers: - command: - /opt/keycloak/bin/kc.sh - --verbose - start - --health-enabled=true - --http-enabled=true - --http-port=8080 - --hostname-strict=false - --spi-events-listener-jboss-logging-success-level=info - --spi-events-listener-jboss-logging-error-level=warn - --transaction-xa-enabled=false - --metrics-enabled=true env: - name: KUBERNETES_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: BITNAMI_DEBUG value: "false" - name: KEYCLOAK_ADMIN_PASSWORD valueFrom: secretKeyRef: key: admin-password name: keycloak - name: KEYCLOAK_DATABASE_PASSWORD valueFrom: secretKeyRef: key: db-password name: keycloak-externaldb - name: KEYCLOAK_HTTP_RELATIVE_PATH value: / - name: KC_FEATURES value: token-exchange,admin-fine-grained-authz - name: KC_PROXY value: edge - name: KC_DB value: mysql - name: KC_DB_URL value: jdbc:mysql://percona-xtradb-haproxy.openstack:3306/keycloak - name: KC_DB_USERNAME value: keycloak - name: KC_DB_PASSWORD valueFrom: secretKeyRef: key: db-password name: keycloak-externaldb envFrom: - configMapRef: name: keycloak-env-vars image: harbor.atmosphere.dev/quay.io/keycloak/keycloak:24.0.5-0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 initialDelaySeconds: 300 periodSeconds: 1 successThreshold: 1 tcpSocket: port: http timeoutSeconds: 5 name: keycloak ports: - containerPort: 8080 name: http protocol: TCP - containerPort: 7800 name: discovery protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /realms/master port: http scheme: HTTP initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: limits: cpu: 750m ephemeral-storage: 1Gi memory: 768Mi requests: cpu: 500m ephemeral-storage: 50Mi memory: 512Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false readOnlyRootFilesystem: false runAsGroup: 1001 runAsNonRoot: true runAsUser: 1000 seLinuxOptions: {} seccompProfile: type: RuntimeDefault startupProbe: failureThreshold: 120 httpGet: path: / port: http scheme: HTTP initialDelaySeconds: 5 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /tmp name: empty-dir subPath: tmp-dir - mountPath: /opt/bitnami/keycloak/conf name: empty-dir subPath: app-conf-dir - mountPath: /opt/bitnami/keycloak/lib/quarkus name: empty-dir subPath: app-quarkus-dir - mountPath: /opt/bitnami/keycloak/data name: empty-dir subPath: app-data-dir - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-pj8xs readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostname: keycloak-0 nodeName: instance nodeSelector: openstack-control-plane: enabled preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1001 fsGroupChangePolicy: Always serviceAccount: keycloak serviceAccountName: keycloak subdomain: keycloak-headless terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 volumes: - emptyDir: {} name: empty-dir - name: kube-api-access-pj8xs projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace status: conditions: - lastProbeTime: null lastTransitionTime: "2026-04-19T13:26:13Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-04-19T13:28:29Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-04-19T13:28:29Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-04-19T13:26:13Z" status: "True" type: PodScheduled containerStatuses: - containerID: containerd://ba2e44073ca74878f6edd845689f3c8609579a27249fb7eedf64cf606e420f3d image: harbor.atmosphere.dev/quay.io/keycloak/keycloak:24.0.5-0 imageID: harbor.atmosphere.dev/quay.io/keycloak/keycloak@sha256:c916c668a5cd589948c3310ab31ffcfc5da55f0e546028f2f606419ce17c6ad8 lastState: {} name: keycloak ready: true restartCount: 0 started: true state: running: startedAt: "2026-04-19T13:26:20Z" hostIP: 199.204.45.233 phase: Running podIP: 10.0.0.31 podIPs: - ip: 10.0.0.31 qosClass: Burstable startTime: "2026-04-19T13:26:13Z"