KubeZero/charts/kubezero-auth/templates/keycloak/keycloak.yaml

57 lines
1.4 KiB
YAML

{{- if .Values.keycloak.enabled }}
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
name: {{ template "kubezero-lib.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kubezero-lib.labels" . | nindent 4 }}
spec:
instances: {{ .Values.keycloak.replicas }}
additionalOptions:
# Needs int casting thx to https://github.com/kubernetes-sigs/yaml/issues/45
{{- if lt (int .Values.keycloak.replicas) 2 }}
- name: cache
value: local
{{- end }}
{{- if .Values.postgresql.enabled }}
- name: db
value: postgres
- name: db-url-host
value: {{ template "kubezero-lib.fullname" . }}-postgresql
- name: db-username
value: keycloak
- name: db-password
secret:
name: {{ template "kubezero-lib.fullname" . }}-postgresql
key: password
{{- else }}
# Fallback to local file within the pod - dev ONLY !!
- name: db
value: dev-file
{{- end }}
- name: hostname-strict-https
value: "false"
- name: proxy
value: edge
- name: http-enabled
value: "true"
- name: log-console-output
value: json
ingress:
enabled: false
http:
httpEnabled: true
# We use Istio Ingress to terminate TLS
# mTls down the road
hostname:
hostname: {{ default "keycloak" .Values.keycloak.istio.url }}
strict: false
strictBackchannel: false
{{- end }}