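{{- /*
Keycloak custom resource (k8s.keycloak.org/v2alpha1), rendered only when
keycloak.enabled is set in the chart values.
TLS is terminated at the Istio ingress, so Keycloak itself is configured to
serve plain HTTP behind an edge proxy.
*/ -}}
{{- if .Values.keycloak.enabled }}
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
  name: {{ template "kubezero-lib.fullname" . }}
  # Quoted so an all-digit or boolean-looking namespace stays a string.
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "kubezero-lib.labels" . | nindent 4 }}
spec:
  instances: {{ .Values.keycloak.replicas }}

  additionalOptions:
    # Fewer than two replicas: use the local cache instead of a clustered one.
    # Needs int casting thx to https://github.com/kubernetes-sigs/yaml/issues/45
    {{- if lt (int .Values.keycloak.replicas) 2 }}
    - name: cache
      value: local
    {{- end }}
    {{- if .Values.postgresql.enabled }}
    - name: db
      value: postgres
    - name: db-url-host
      value: {{ template "kubezero-lib.fullname" . }}-postgresql
    - name: db-username
      value: keycloak
    # The password is referenced from the PostgreSQL secret and is never
    # rendered into this resource.
    - name: db-password
      secret:
        name: {{ template "kubezero-lib.fullname" . }}-postgresql
        key: password
    {{- else }}
    # Fallback to local file within the pod - dev ONLY !!
    # This branch is selected silently whenever postgresql.enabled is false.
    # Realm, user and credential data then live inside the pod; presumably
    # they are neither durable nor shared between replicas - TODO confirm.
    # NOTE(review): consider failing the render here unless an explicit
    # dev-mode value is set, so a production release cannot land on it.
    - name: db
      value: dev-file
    {{- end }}
    # The next three options go together: Keycloak accepts plain HTTP and
    # relies on the edge proxy for TLS and for the forwarded request headers.
    # NOTE(review): this is only sound if the Istio gateway is the sole path
    # to the pod's HTTP port and overwrites client-supplied forwarding
    # headers - confirm with a NetworkPolicy or AuthorizationPolicy.
    - name: hostname-strict-https
      value: "false"
    - name: proxy
      value: edge
    - name: http-enabled
      value: "true"
    - name: log-console-output
      value: json

  # No operator-managed Ingress; exposure is handled by Istio.
  ingress:
    enabled: false

  http:
    httpEnabled: true

  # We use Istio Ingress to terminate TLS
  # mTLS down the road; until then traffic between the gateway and Keycloak
  # is unencrypted HTTP inside the cluster.
  # NOTE(review): strict and strictBackchannel are both off; presumably this
  # relaxes Keycloak's hostname checks so URLs may follow request headers -
  # confirm the gateway validates the Host header.
  hostname:
    # Quoted so a templated value is always parsed as a string.
    hostname: {{ default "keycloak" .Values.keycloak.istio.url | quote }}
    strict: false
    strictBackchannel: false
{{- end }}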