ansible/roles/keycloak/defaults/main.yaml

keycloak_enabled: true
keycloak_publish: false
keycloak_console_publish: false
keycloak_use_external_db: true
keycloak_chart_ref: "codecentric/keycloakx"
keycloak_short_name: "keycloak"
keycloak_console_short_name: "console"
keycloak_default_values:
  command:
  - /opt/keycloak/bin/kc.sh
  - start
  - --http-enabled=true
  - --http-port=8080
  - --hostname={{ keycloak_short_name }}.{{ domain }}
  - --hostname-strict=false
  - --hostname-strict-https=false
  database:
    database: "keycloak"
    hostname: "{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}"
    username: "{{ keycloak_db_username | default(omit) }}"
    password: "{{ keycloak_db_password | default(omit) }}"
    port: 5432
    vendor: postgres
  extraEnv: |
    - name: KEYCLOAK_ADMIN
      value: admin
    - name: KEYCLOAK_ADMIN_PASSWORD
      value: {{ keycloak_admin_password }}
    - name: JAVA_OPTS_APPEND
      value: >-
        -Djgroups.dns.query={{ keycloak_short_name }}-keycloakx-headless
  ingress:
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-prod
    enabled: true
    ingressClassName: "{{ external_ingress_class if minio_publish else internal_ingress_class }}"
    rules:
    - host: "{{ keycloak_short_name }}.{{ domain }}"
      paths:
      - path: /auth/
        pathType: Prefix
    servicePort: http
    tls:
    - hosts:
      - "{{ keycloak_short_name }}.{{ domain }}"
      secretName: "{{ keycloak_short_name }}.{{ domain }}-tls"

keycloak_realms: {}
keycloak_clients: {}
keycloak_clients_default_protocol_mappings: {}
#  - config:
#      access.token.claim: true
#      claim.name: "groups"
#      id.token.claim: true
#      jsonType.label: String
#      user.attribute: groups
#      userinfo.token.claim: true
#    name: groups
#    protocol: openid-connect
#    protocolMapper: oidc-usermodel-attribute-mapper

keycloak_users: {}
keycloak_groups: {}
add keycloak 2024-05-06 00:00:10 +00:00			`keycloak_enabled: true`
			`keycloak_publish: false`
			`keycloak_console_publish: false`
			`keycloak_use_external_db: true`
			`keycloak_chart_ref: "codecentric/keycloakx"`
			`keycloak_short_name: "keycloak"`
			`keycloak_console_short_name: "console"`
			`keycloak_default_values:`
			`command:`
			`- /opt/keycloak/bin/kc.sh`
			`- start`
			`- --http-enabled=true`
			`- --http-port=8080`
			`- --hostname={{ keycloak_short_name }}.{{ domain }}`
			`- --hostname-strict=false`
			`- --hostname-strict-https=false`
			`database:`
			`database: "keycloak"`
			`hostname: "{{ postgres_db_team \| default(namespace) }}-postgres.{{ postgres_db_namespace \| default(namespace) }}"`
			`username: "{{ keycloak_db_username \| default(omit) }}"`
			`password: "{{ keycloak_db_password \| default(omit) }}"`
			`port: 5432`
			`vendor: postgres`
			`extraEnv: \|`
			`- name: KEYCLOAK_ADMIN`
			`value: admin`
			`- name: KEYCLOAK_ADMIN_PASSWORD`
			`value: {{ keycloak_admin_password }}`
			`- name: JAVA_OPTS_APPEND`
			`value: >-`
			`-Djgroups.dns.query={{ keycloak_short_name }}-keycloakx-headless`
			`ingress:`
			`annotations:`
			`cert-manager.io/cluster-issuer: letsencrypt-prod`
			`enabled: true`
			`ingressClassName: "{{ external_ingress_class if minio_publish else internal_ingress_class }}"`
			`rules:`
			`- host: "{{ keycloak_short_name }}.{{ domain }}"`
			`paths:`
			`- path: /auth/`
			`pathType: Prefix`
			`servicePort: http`
			`tls:`
			`- hosts:`
			`- "{{ keycloak_short_name }}.{{ domain }}"`
			`secretName: "{{ keycloak_short_name }}.{{ domain }}-tls"`

			`keycloak_realms: {}`
			`keycloak_clients: {}`
			`keycloak_clients_default_protocol_mappings: {}`
			`# - config:`
			`# access.token.claim: true`
			`# claim.name: "groups"`
			`# id.token.claim: true`
			`# jsonType.label: String`
			`# user.attribute: groups`
			`# userinfo.token.claim: true`
			`# name: groups`
			`# protocol: openid-connect`
			`# protocolMapper: oidc-usermodel-attribute-mapper`

			`keycloak_users: {}`
			`keycloak_groups: {}`