-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml.dist
executable file
·46 lines (46 loc) · 1.66 KB
/
docker-compose.yml.dist
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
version: "3"
services:
etcd:
image: quay.io/coreos/etcd:v3.5.1
command:
- "/usr/local/bin/etcd"
- "--advertise-client-urls=http://etcd:2379"
- "--listen-client-urls=http://0.0.0.0:2379"
keycloak:
image: quay.io/keycloak/keycloak:19.0.2
environment:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: admin
PROXY_ADDRESS_FORWARDING: "true"
JAVA_OPTS: "-Dkeycloak.profile.feature.token_exchange=enabled"
volumes:
- ./docker/k8s:/etc/x509/https
ports:
- "8443:8443"
command:
- "start"
- "--optimized"
- "--hostname=localhost"
- "--https-certificate-file=/etc/x509/https/common_cert_for_all.crt"
- "--https-certificate-key-file=/etc/x509/https/common_cert_key_for_all.key"
kube-api-server:
image: k8s.gcr.io/kube-apiserver:v1.23.4
depends_on:
- etcd
ports:
- "6443:6443"
volumes:
- ./docker/k8s:/var/run/kubernetes
command:
- "kube-apiserver"
- "--etcd-servers=etcd:2379"
- "--service-account-signing-key-file=/var/run/kubernetes/common_cert_key_for_all.key"
- "--service-account-key-file=/var/run/kubernetes/common_cert_for_all.crt"
- "--service-account-issuer=https://kube.local"
- "--client-ca-file=/var/run/kubernetes/admin-auth.crt"
- "--tls-private-key-file=/var/run/kubernetes/common_cert_key_for_all.key"
- "--tls-cert-file=/var/run/kubernetes/common_cert_for_all.crt"
- "--audit-log-path=/var/run/kubernetes/audit.log"
- "--audit-policy-file=/var/run/kubernetes/audit-policy.yaml"
- "--disable-admission-plugins=ServiceAccount"
- "--authorization-mode=RBAC"