apiVersion: v1
kind: Pod
metadata:
  annotations:
    checksum/configmap-env-vars: 800dc6cfe78d4b189b1518f19a6a3330bab50aed11868859983276176aa19518
    checksum/secrets: ccda8c67307ae0230e02fbaa5410e00f88a4dec0c01182620b7ca99c198caf6c
  creationTimestamp: "2026-03-04T01:25:55Z"
  generateName: keycloak-
  labels:
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/instance: keycloak
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: keycloak
    apps.kubernetes.io/pod-index: "0"
    controller-revision-hash: keycloak-6c89c84895
    helm.sh/chart: keycloak-16.0.3
    statefulset.kubernetes.io/pod-name: keycloak-0
  name: keycloak-0
  namespace: auth-system
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: StatefulSet
    name: keycloak
    uid: 94963eb5-ffec-4bec-b7f9-9fa44c982ece
  resourceVersion: "2591"
  uid: 881acb8e-43ef-434d-b817-ec3d44fb025c
spec:
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - podAffinityTerm:
          labelSelector:
            matchLabels:
              app.kubernetes.io/instance: keycloak
              app.kubernetes.io/name: keycloak
          topologyKey: kubernetes.io/hostname
        weight: 1
  containers:
  - command:
    - /opt/keycloak/bin/kc.sh
    - --verbose
    - start
    - --auto-build
    - --health-enabled=true
    - --http-enabled=true
    - --http-port=8080
    - --hostname-strict=false
    - --spi-events-listener-jboss-logging-success-level=info
    - --spi-events-listener-jboss-logging-error-level=warn
    - --transaction-xa-enabled=false
    - --metrics-enabled=true
    env:
    - name: KUBERNETES_NAMESPACE
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.namespace
    - name: BITNAMI_DEBUG
      value: "false"
    - name: KEYCLOAK_ADMIN_PASSWORD
      valueFrom:
        secretKeyRef:
          key: admin-password
          name: keycloak
    - name: KEYCLOAK_DATABASE_PASSWORD
      valueFrom:
        secretKeyRef:
          key: db-password
          name: keycloak-externaldb
    - name: KEYCLOAK_HTTP_RELATIVE_PATH
      value: /
    - name: KC_PROXY
      value: edge
    - name: KC_DB
      value: mysql
    - name: KC_DB_URL
      value: jdbc:mysql://percona-xtradb-haproxy.openstack:3306/keycloak
    - name: KC_DB_USERNAME
      value: keycloak
    - name: KC_DB_PASSWORD
      valueFrom:
        secretKeyRef:
          key: db-password
          name: keycloak-externaldb
    envFrom:
    - configMapRef:
        name: keycloak-env-vars
    image: harbor.atmosphere.dev/quay.io/keycloak/keycloak:22.0.1-0
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 3
      httpGet:
        path: /
        port: http
        scheme: HTTP
      initialDelaySeconds: 300
      periodSeconds: 1
      successThreshold: 1
      timeoutSeconds: 5
    name: keycloak
    ports:
    - containerPort: 8080
      name: http
      protocol: TCP
    - containerPort: 7800
      name: infinispan
      protocol: TCP
    readinessProbe:
      failureThreshold: 3
      httpGet:
        path: /realms/master
        port: http
        scheme: HTTP
      initialDelaySeconds: 30
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    resources: {}
    securityContext:
      runAsNonRoot: true
      runAsUser: 1001
    startupProbe:
      failureThreshold: 120
      httpGet:
        path: /
        port: http
        scheme: HTTP
      initialDelaySeconds: 5
      periodSeconds: 5
      successThreshold: 1
      timeoutSeconds: 1
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-r94cn
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  hostname: keycloak-0
  nodeName: instance
  nodeSelector:
    openstack-control-plane: enabled
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext:
    fsGroup: 1001
  serviceAccount: keycloak
  serviceAccountName: keycloak
  subdomain: keycloak-headless
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: kube-api-access-r94cn
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
          - key: ca.crt
            path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
            path: namespace
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2026-03-04T01:25:55Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2026-03-04T01:26:51Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2026-03-04T01:26:51Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2026-03-04T01:25:55Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: containerd://2d45266244ded7373cd079b22f75e11351f6fc7e554b08096588477b601fe23f
    image: harbor.atmosphere.dev/quay.io/keycloak/keycloak:22.0.1-0
    imageID: harbor.atmosphere.dev/quay.io/keycloak/keycloak@sha256:5b872e841ea9e394d89bdf250146434532d9c2001404540d46621d60f87494e7
    lastState: {}
    name: keycloak
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2026-03-04T01:26:05Z"
  hostIP: 162.253.55.200
  phase: Running
  podIP: 10.0.0.182
  podIPs:
  - ip: 10.0.0.182
  qosClass: BestEffort
  startTime: "2026-03-04T01:25:55Z"