64 lines
1.9 KiB
YAML
64 lines
1.9 KiB
YAML
keycloak_enabled: true
|
|
keycloak_publish: false
|
|
keycloak_console_publish: false
|
|
keycloak_use_external_db: true
|
|
keycloak_chart_ref: "codecentric/keycloakx"
|
|
keycloak_short_name: "keycloak"
|
|
keycloak_console_short_name: "console"
|
|
keycloak_default_values:
|
|
command:
|
|
- /opt/keycloak/bin/kc.sh
|
|
- start
|
|
- --http-enabled=true
|
|
- --http-port=8080
|
|
- --hostname={{ keycloak_short_name }}.{{ domain }}
|
|
- --hostname-strict=false
|
|
- --hostname-strict-https=false
|
|
database:
|
|
database: "keycloak"
|
|
hostname: "{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}"
|
|
username: "{{ keycloak_db_username | default(omit) }}"
|
|
password: "{{ keycloak_db_password | default(omit) }}"
|
|
port: 5432
|
|
vendor: postgres
|
|
extraEnv: |
|
|
- name: KEYCLOAK_ADMIN
|
|
value: admin
|
|
- name: KEYCLOAK_ADMIN_PASSWORD
|
|
value: {{ keycloak_admin_password }}
|
|
- name: JAVA_OPTS_APPEND
|
|
value: >-
|
|
-Djgroups.dns.query={{ keycloak_short_name }}-keycloakx-headless
|
|
ingress:
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
enabled: true
|
|
ingressClassName: "{{ external_ingress_class if minio_publish else internal_ingress_class }}"
|
|
rules:
|
|
- host: "{{ keycloak_short_name }}.{{ domain }}"
|
|
paths:
|
|
- path: /auth/
|
|
pathType: Prefix
|
|
servicePort: http
|
|
tls:
|
|
- hosts:
|
|
- "{{ keycloak_short_name }}.{{ domain }}"
|
|
secretName: "{{ keycloak_short_name }}.{{ domain }}-tls"
|
|
|
|
keycloak_realms: {}
|
|
keycloak_clients: {}
|
|
keycloak_clients_default_protocol_mappings: {}
|
|
# - config:
|
|
# access.token.claim: true
|
|
# claim.name: "groups"
|
|
# id.token.claim: true
|
|
# jsonType.label: String
|
|
# user.attribute: groups
|
|
# userinfo.token.claim: true
|
|
# name: groups
|
|
# protocol: openid-connect
|
|
# protocolMapper: oidc-usermodel-attribute-mapper
|
|
|
|
keycloak_users: {}
|
|
keycloak_groups: {}
|