apiVersion: v1 kind: Pod metadata: annotations: checksum/configmap-env-vars: 5725d51a3ce4dc8f1207b43b33d37b63e19b8ce676cf98cc2e21826fc8ec8494 checksum/secrets: 389edbafac2da667eb6504195a6ca5a68a036f4549e19bfcf58e85f6ae4ee447 creationTimestamp: "2026-06-09T09:52:51Z" generateName: keycloak- labels: app.kubernetes.io/component: keycloak app.kubernetes.io/instance: keycloak app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloak app.kubernetes.io/version: 24.0.5 apps.kubernetes.io/pod-index: "0" controller-revision-hash: keycloak-54f96ddf58 helm.sh/chart: keycloak-21.4.1 statefulset.kubernetes.io/pod-name: keycloak-0 name: keycloak-0 namespace: auth-system ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: StatefulSet name: keycloak uid: 67b3fa47-66c4-4cce-a2b4-03761bb14702 resourceVersion: "3371" uid: 5a1fbf5f-a112-4248-9647-713ea3a08383 spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/instance: keycloak app.kubernetes.io/name: keycloak topologyKey: kubernetes.io/hostname weight: 1 automountServiceAccountToken: true containers: - command: - /opt/keycloak/bin/kc.sh - --verbose - start - --health-enabled=true - --http-enabled=true - --http-port=8080 - --hostname-strict=false - --spi-events-listener-jboss-logging-success-level=info - --spi-events-listener-jboss-logging-error-level=warn - --transaction-xa-enabled=false - --metrics-enabled=true env: - name: KUBERNETES_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: BITNAMI_DEBUG value: "false" - name: KEYCLOAK_ADMIN_PASSWORD valueFrom: secretKeyRef: key: admin-password name: keycloak - name: KEYCLOAK_DATABASE_PASSWORD valueFrom: secretKeyRef: key: db-password name: keycloak-externaldb - name: KEYCLOAK_HTTP_RELATIVE_PATH value: / - name: KC_FEATURES value: token-exchange,admin-fine-grained-authz - name: KC_PROXY value: edge - name: KC_DB value: mysql - name: KC_DB_URL value: jdbc:mysql://percona-xtradb-haproxy.openstack:3306/keycloak - name: KC_DB_USERNAME value: keycloak - name: KC_DB_PASSWORD valueFrom: secretKeyRef: key: db-password name: keycloak-externaldb envFrom: - configMapRef: name: keycloak-env-vars image: harbor.atmosphere.dev/quay.io/keycloak/keycloak:24.0.5-0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 initialDelaySeconds: 300 periodSeconds: 1 successThreshold: 1 tcpSocket: port: http timeoutSeconds: 5 name: keycloak ports: - containerPort: 8080 name: http protocol: TCP - containerPort: 7800 name: discovery protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /realms/master port: http scheme: HTTP initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: limits: cpu: 750m ephemeral-storage: 1Gi memory: 768Mi requests: cpu: 500m ephemeral-storage: 50Mi memory: 512Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false readOnlyRootFilesystem: false runAsGroup: 1001 runAsNonRoot: true runAsUser: 1000 seLinuxOptions: {} seccompProfile: type: RuntimeDefault startupProbe: failureThreshold: 120 httpGet: path: / port: http scheme: HTTP initialDelaySeconds: 5 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /tmp name: empty-dir subPath: tmp-dir - mountPath: /opt/bitnami/keycloak/conf name: empty-dir subPath: app-conf-dir - mountPath: /opt/bitnami/keycloak/lib/quarkus name: empty-dir subPath: app-quarkus-dir - mountPath: /opt/bitnami/keycloak/data name: empty-dir subPath: app-data-dir - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-llkjr readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostname: keycloak-0 nodeName: instance nodeSelector: openstack-control-plane: enabled preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 1001 fsGroupChangePolicy: Always serviceAccount: keycloak serviceAccountName: keycloak subdomain: keycloak-headless terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 volumes: - emptyDir: {} name: empty-dir - name: kube-api-access-llkjr projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace status: conditions: - lastProbeTime: null lastTransitionTime: "2026-06-09T09:52:59Z" status: "True" type: PodReadyToStartContainers - lastProbeTime: null lastTransitionTime: "2026-06-09T09:52:51Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-06-09T09:55:13Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-06-09T09:55:13Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-06-09T09:52:51Z" status: "True" type: PodScheduled containerStatuses: - containerID: containerd://1d49182002f2229539dbcfd872f35c07c7fc02830842e0a8670db5ae549f1288 image: harbor.atmosphere.dev/quay.io/keycloak/keycloak:24.0.5-0 imageID: harbor.atmosphere.dev/quay.io/keycloak/keycloak@sha256:c916c668a5cd589948c3310ab31ffcfc5da55f0e546028f2f606419ce17c6ad8 lastState: {} name: keycloak ready: true restartCount: 0 started: true state: running: startedAt: "2026-06-09T09:52:58Z" volumeMounts: - mountPath: /tmp name: empty-dir - mountPath: /opt/bitnami/keycloak/conf name: empty-dir - mountPath: /opt/bitnami/keycloak/lib/quarkus name: empty-dir - mountPath: /opt/bitnami/keycloak/data name: empty-dir - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-llkjr readOnly: true recursiveReadOnly: Disabled hostIP: 199.204.45.235 hostIPs: - ip: 199.204.45.235 phase: Running podIP: 10.0.0.40 podIPs: - ip: 10.0.0.40 qosClass: Burstable startTime: "2026-06-09T09:52:51Z"