/
values.yaml
138 lines (128 loc) · 3.77 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
# Default values for keycloak.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# ---------------------------------------
# Global variables
# ---------------------------------------
nameOverride: ""
namespaceOverride: ""
fullnameOverride: ""
restartPolicy: Always
# ---------------------------------------------
# Variable used in hpa template and deployment
# ---------------------------------------------
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 3
targetCPUUtilizationPercentage: 80
targetMemoryUtilizationPercentage: 80
# ---------------------------------------
# Variable used in Deployment template
# ---------------------------------------
deployment:
replicaCount: 1
# Additional Pod annotations
podAnnotations: {}
# Image pull secrets for the Pod
imagePullSecrets: []
# - name: myRegistrKeySecretName
# SecurityContext for the entire Pod. Every container running in the Pod will inherit this SecurityContext. This might be relevant when other components of the environment inject additional containers into running Pods (service meshes are the most prominent example for this)
podSecurityContext:
fsGroup: 1000
# SecurityContext for the Keycloak container
securityContext:
runAsUser: 1000
runAsNonRoot: true
image:
repository: quay.io/keycloak/keycloak
pullPolicy: IfNotPresent
## Overrides the default args for the Keycloak container
args: ["start-dev --features=account3,admin-fine-grained-authz,declarative-user-profile,recovery-codes,scripts,token-exchange"]
# Additional environment variables for Keycloak
extraEnv: ""
# Additional environment variables for Keycloak mapped from Secret or ConfigMap
extraEnvFrom: ""
# Define which port will be used in the containers
containerPort: 8080
# Liveness probe configuration
livenessProbe: |
httpGet:
path: /
port: http
initialDelaySeconds: 0
timeoutSeconds: 5
# Readiness probe configuration
readinessProbe: |
httpGet:
path: /realms/master
port: http
initialDelaySeconds: 30
timeoutSeconds: 1
# Startup probe configuration
startupProbe: |
httpGet:
path: /
port: http
initialDelaySeconds: 30
timeoutSeconds: 1
failureThreshold: 60
periodSeconds: 5
# Pod resource requests and limits
resources: {}
# requests:
# cpu: "500m"
# memory: "1024Mi"
# limits:
# cpu: "500m"
# memory: "1024Mi"
# Node labels for Pod assignment
nodeSelector: {}
# Pod affinity
affinity: {}
# Node taints to tolerate
tolerations: []
# ---------------------------------------
# Variable group used in ingress template
# ---------------------------------------
ingress:
enabled: true
className: ""
annotations:
cert-manager.io/cluster-issuer: letsencrypt
hosts:
- host: identity.keycloak.myplatform.eoepca.org
paths:
- path: /
pathType: Prefix
tls:
- secretName: identity-keycloak-tls-certificate
hosts:
- identity.keycloak.myplatform.eoepca.org
# ---------------------------------------
# Variable group used in ingress template
# ---------------------------------------
service:
type: ClusterIP
port: 8080
serviceAccount:
# Specifies whether a service account should be created
create: false
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
configMap:
keycloakLoglevel: DEBUG
wildflyLoglevel: DEBUG
keycloakAdmin: "admin"
kcProxy: "edge"
kcHostnameStrict: "false"
kcDb: "postgres"
kcDbUsername: "keycloak"
kcDbUrlHost: "identity-postgres"
kcDbUrlPort: "5432"
secrets:
kcDbPassword: ""
keycloakAdminPassword: ""