-
Notifications
You must be signed in to change notification settings - Fork 26
/
keycloak-config.yaml
84 lines (78 loc) · 2.85 KB
/
keycloak-config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
keycloak:
# lets use docker image with customized openjdk
image:
repository: PLACEHOLDER
tag: PLACEHOLDER
pullPolicy: IfNotPresent
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
certmanager.k8s.io/cluster-issuer: letsencrypt-prod
tls:
- hosts:
- keycloak.cbioportal.org
- genie-private-keycloak.cbioportal.org
- htan-keycloak.cbioportal.org
secretName: cbioportal-keycloak-cert
hosts:
- keycloak.cbioportal.org
- genie-private-keycloak.cbioportal.org
- htan-keycloak.cbioportal.org
extraInitContainers: |
- name: gene-private-cbioportal-theme-provider
image: cbioportal/keycloak:cbioportal-keycloak-custom-themes-v1.1
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args:
- cp -R /themes/genie-private-cbioportal/* /genie-private-cbioportal-theme
volumeMounts:
- name: genie-private-cbioportal-theme
mountPath: /genie-private-cbioportal-theme
- name: htan-cbioportal-theme-provider
image: cbioportal/keycloak:cbioportal-keycloak-custom-themes-v1.1
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args:
- cp -R /themes/htan-cbioportal/* /htan-cbioportal-theme
volumeMounts:
- name: htan-cbioportal-theme
mountPath: /htan-cbioportal-theme
extraVolumes: |
- name: aws-rds-tls-jks
secret:
secretName: aws-rds-tls-jks
- name: genie-private-cbioportal-theme
emptyDir: {}
- name: htan-cbioportal-theme
emptyDir: {}
extraVolumeMounts: |
- name: aws-rds-tls-jks
mountPath: /opt/aws-rds-tls-jks
readOnly: true
- name: genie-private-cbioportal-theme
mountPath: /opt/jboss/keycloak/themes/genie-private-cbioportal
- name: htan-cbioportal-theme
mountPath: /opt/jboss/keycloak/themes/htan-cbioportal
extraEnv: |
# setup ssl and use truststore containing AWS-RDS certs
- name: JDBC_PARAMS
value: useSSL=true&requireSSL=true&trustCertificateKeyStoreUrl=file:/opt/aws-rds-tls-jks/aws-rds-tls.jks&trustCertificateKeyStorePassword=changeit
# Tell keycloak we are already behind https
- name: PROXY_ADDRESS_FORWARDING
value: "true"
persistence:
# Disable deployment of the PostgreSQL chart
deployPostgres: false
# The database vendor. Can be either "postgres", "mysql", "mariadb", or "h2"
dbVendor: mysql
## The following values only apply if "deployPostgres" is set to "false"
# Optionally specify an existing secret
#existingSecret: "my-database-password-secret"
#existingSecretKey: "password-key in-my-database-secret"
dbName: PLACEHOLDER
dbHost: PLACEHOLDER
dbPort: 3306
dbUser: PLACEHOLDER
# Only used if no existing secret is specified. In this case a new secret is created
dbPassword: PLACEHOLDER