45 lines
1.1 KiB
YAML
45 lines
1.1 KiB
YAML
{{- if .Values.keycloak.enabled }}
|
|
apiVersion: k8s.keycloak.org/v2alpha1
|
|
kind: Keycloak
|
|
metadata:
|
|
name: {{ template "kubezero-lib.fullname" . }}
|
|
namespace: {{ .Release.Namespace }}
|
|
spec:
|
|
instances: 1
|
|
disableDefaultIngress: true
|
|
|
|
serverConfiguration:
|
|
- name: cache
|
|
value: local
|
|
{{- if .Values.postgresql.enabled }}
|
|
- name: db
|
|
value: postgres
|
|
- name: db-url-host
|
|
value: {{ template "kubezero-lib.fullname" . }}-postgresql
|
|
- name: db-username
|
|
value: keycloak
|
|
- name: db-password
|
|
secret:
|
|
name: {{ template "kubezero-lib.fullname" . }}-postgresql
|
|
key: password
|
|
{{- else }}
|
|
# Fallback to local file within the pod - dev ONLY !!
|
|
- name: db
|
|
value: dev-file
|
|
{{- end }}
|
|
- name: hostname-strict-https
|
|
value: "false"
|
|
- name: proxy
|
|
value: passthrough
|
|
- name: http-enabled
|
|
value: "true"
|
|
|
|
|
|
#hostname: INSECURE-DISABLE
|
|
hostname: {{ default "keycloak" .Values.keycloak.istio.url }}
|
|
|
|
# We use Istio Ingress to terminate TLS
|
|
# mTls down the road
|
|
tlsSecret: INSECURE-DISABLE
|
|
{{- end }}
|