KubeZero/charts/kubezero-auth/templates/keycloak/keycloak.yaml

45 lines
1.1 KiB
YAML

{{- if .Values.keycloak.enabled }}
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
name: {{ template "kubezero-lib.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
instances: 1
disableDefaultIngress: true
serverConfiguration:
- name: cache
value: local
{{- if .Values.postgresql.enabled }}
- name: db
value: postgres
- name: db-url-host
value: {{ template "kubezero-lib.fullname" . }}-postgresql
- name: db-username
value: keycloak
- name: db-password
secret:
name: {{ template "kubezero-lib.fullname" . }}-postgresql
key: password
{{- else }}
# Fallback to local file within the pod - dev ONLY !!
- name: db
value: dev-file
{{- end }}
- name: hostname-strict-https
value: "false"
- name: proxy
value: passthrough
- name: http-enabled
value: "true"
#hostname: INSECURE-DISABLE
hostname: {{ default "keycloak" .Values.keycloak.istio.url }}
# We use Istio Ingress to terminate TLS
# mTls down the road
tlsSecret: INSECURE-DISABLE
{{- end }}