{{- if .Values.keycloak.enabled }}
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
  name: {{ template "kubezero-lib.fullname" . }}
  namespace: {{ .Release.Namespace }}
spec:
  instances: 1
  disableDefaultIngress: true

  serverConfiguration:
    - name: cache
      value: local
    {{- if .Values.postgresql.enabled }}
    - name: db
      value: postgres
    - name: db-url-host
      value: {{ template "kubezero-lib.fullname" . }}-postgresql
    - name: db-username
      value: keycloak
    - name: db-password
      secret:
        name: {{ template "kubezero-lib.fullname" . }}-postgresql
        key: password
    {{- else }}
    # Fallback to local file within the pod - dev ONLY !! 
    - name: db
      value: dev-file
    {{- end }}
    - name: hostname-strict-https
      value: "false"
    - name: proxy
      value: passthrough
    - name: http-enabled
      value: "true"


  #hostname: INSECURE-DISABLE
  hostname: {{ default "keycloak" .Values.keycloak.istio.url }}
    
  # We use Istio Ingress to terminate TLS
  # mTls down the road
  tlsSecret: INSECURE-DISABLE
{{- end }}