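# Defaults for the Keycloak deployment (Helm chart referenced below).

# Feature switches. With the publish flags false, nothing is meant to be
# exposed on the external ingress class.
keycloak_enabled: true
keycloak_publish: false
keycloak_console_publish: false
keycloak_use_external_db: true

keycloak_chart_ref: "codecentric/keycloakx"
keycloak_short_name: "keycloak"
keycloak_console_short_name: "console"

# Values handed to the chart.
keycloak_default_values:
  command:
    - /opt/keycloak/bin/kc.sh
    - start
    # Plain HTTP on 8080: TLS is expected to terminate at the ingress
    # defined below, so this port should only be reachable in-cluster.
    - --http-enabled=true
    - --http-port=8080
    - --hostname={{ keycloak_short_name }}.{{ domain }}
    # NOTE(review): both strict hostname checks are switched off; confirm
    # this is still required now that --hostname is set explicitly.
    - --hostname-strict=false
    - --hostname-strict-https=false
  database:
    database: "keycloak"
    hostname: "{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}"
    # NOTE(review): `omit` only takes effect if this mapping ends up as a
    # module argument; verify the keys really disappear when unset.
    username: "{{ keycloak_db_username | default(omit) }}"
    password: "{{ keycloak_db_password | default(omit) }}"
    port: 5432
    vendor: postgres
  # extraEnv is a string that is parsed as YAML again after templating, so
  # every templated scalar in it has to survive a second parse.
  extraEnv: |
    - name: KEYCLOAK_ADMIN
      value: admin
    - name: KEYCLOAK_ADMIN_PASSWORD
      # Emitted as a JSON string (valid YAML double-quoted scalar) so that
      # passwords containing ':', '#', quotes, or that look like a number
      # or boolean are not mis-parsed or truncated.
      # NOTE(review): the password lands in the rendered values and the pod
      # spec in clear text; prefer `valueFrom.secretKeyRef` to a Secret.
      value: {{ keycloak_admin_password | string | to_json }}
    - name: JAVA_OPTS_APPEND
      value: >-
        -Djgroups.dns.query={{ keycloak_short_name }}-keycloakx-headless
  ingress:
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-prod
    enabled: true
    # Exposure follows keycloak_publish. This previously tested
    # minio_publish, which tied the identity provider's external exposure
    # to an unrelated service's flag.
    ingressClassName: "{{ external_ingress_class if keycloak_publish else internal_ingress_class }}"
    rules:
      - host: "{{ keycloak_short_name }}.{{ domain }}"
        paths:
          - path: /auth/
            pathType: Prefix
    servicePort: http
    tls:
      - hosts:
          - "{{ keycloak_short_name }}.{{ domain }}"
        secretName: "{{ keycloak_short_name }}.{{ domain }}-tls"

# Realm / client / user / group definitions; empty by default.
keycloak_realms: {}
keycloak_clients: {}
# Example protocol mapper entry. NOTE(review): the example is a list item
# while the default is an empty mapping; confirm which shape is expected.
keycloak_clients_default_protocol_mappings: {}
# - config:
#     access.token.claim: true
#     claim.name: "groups"
#     id.token.claim: true
#     jsonType.label: String
#     user.attribute: groups
#     userinfo.token.claim: true
#   name: groups
#   protocol: openid-connect
#   protocolMapper: oidc-usermodel-attribute-mapper
keycloak_users: {}
keycloak_groups: {}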