sa_8001/dsk-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ansible role update

Browse Source
This commit is contained in:
havelight-ee
2022-12-09 13:38:44 +09:00
parent 8391ca915d
commit 3af7e034fc
890 changed files with 79234 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

951
ansible/roles/helm_install/files/keycloak/values.yaml Normal file
View File

@@ -0,0 +1,951 @@
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
storageClass: ""
## @section Common parameters
##
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override keycloak.fullname
##
nameOverride: ""
## @param fullnameOverride String to fully override keycloak.fullname
##
fullnameOverride: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param clusterDomain Default Kubernetes cluster domain
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## Enable diagnostic mode in the statefulset
##
diagnosticMode:
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
##
enabled: false
## @param diagnosticMode.command Command to override all containers in the the statefulset
##
command:
- sleep
## @param diagnosticMode.args Args to override all containers in the the statefulset
##
args:
- infinity
## @section Keycloak parameters
## Bitnami Keycloak image version
## ref: https://hub.docker.com/r/bitnami/keycloak/tags/
## @param image.registry Keycloak image registry
## @param image.repository Keycloak image repository
## @param image.tag Keycloak image tag (immutable tags are recommended)
## @param image.pullPolicy Keycloak image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
## @param image.debug Specify if debug logs should be enabled
##
image:
registry: docker.io
repository: bitnami/keycloak
tag: 16.1.1-debian-10-r85
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## Example:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Set to true if you would like to see extra information on logs
##
debug: false
## Keycloak authentication parameters
## ref: https://github.com/bitnami/bitnami-docker-keycloak#admin-credentials
##
auth:
## @param auth.createAdminUser Create administrator user on boot
##
createAdminUser: true
## @param auth.adminUser Keycloak administrator user
##
adminUser: user
## @param auth.adminPassword Keycloak administrator password for the new user
##
adminPassword: ""
## @param auth.managementUser Wildfly management user
##
managementUser: manager
## @param auth.managementPassword Wildfly management password
##
managementPassword: ""
## @param auth.existingSecret An already existing secret containing auth info
## e.g:
## existingSecret:
## name: mySecret
## keyMapping:
## admin-password: myPasswordKey
## management-password: myManagementPasswordKey
## tls-keystore-password: myTlsKeystorePasswordKey
## tls-truestore-password: myTlsTruestorePasswordKey
##
existingSecret: ""
## @param auth.existingSecretPerPassword Override `existingSecret` and other secret values
## e.g:
## existingSecretPerPassword:
## keyMapping:
## adminPassword: KEYCLOAK_ADMIN_PASSWORD
## managementPassword: KEYCLOAK_MANAGEMENT_PASSWORD
## databasePassword: password
## tlsKeystorePassword: JKS_KEYSTORE_TRUSTSTORE_PASSWORD
## tlsTruststorePassword: JKS_KEYSTORE_TRUSTSTORE_PASSWORD
## adminPassword:
## name: keycloak-test2.credentials ## release-name
## managementPassword:
## name: keycloak-test2.credentials
## databasePassword:
## name: keycloak.pocwatt-keycloak-cluster.credentials
## tlsKeystorePassword:
## name: keycloak-test2.credentials
## tlsTruststorePassword:
## name: keycloak-test2.credentials
##
existingSecretPerPassword: {}
## TLS encryption parameters
## ref: https://github.com/bitnami/bitnami-docker-keycloak#tls-encryption
##
tls:
## @param auth.tls.enabled Enable TLS encryption
##
enabled: false
## @param auth.tls.autoGenerated Generate automatically self-signed TLS certificates. Currently only supports PEM certificates
##
autoGenerated: false
## @param auth.tls.existingSecret Existing secret containing the TLS certificates per Keycloak replica
## Create this secret following the steps below:
## 1) Generate your trustore and keystore files (more info at https://www.keycloak.org/docs/latest/server_installation/#_setting_up_ssl)
## 2) Rename your truststore to `keycloak.truststore.jks`.
## 3) Rename your keystores to `keycloak-X.keystore.jks` where X is the ID of each Keycloak replica
## 4) Run the command below where SECRET_NAME is the name of the secret you want to create:
## kubectl create secret generic SECRET_NAME --from-file=./keycloak.truststore.jks --from-file=./keycloak-0.keystore.jks --from-file=./keycloak-1.keystore.jks ...
##
existingSecret: ""
## @param auth.tls.usePem Use PEM certificates as input instead of PKS12/JKS stores
## If "true", the Keycloak chart will look for the files ca.crt, keycloak-X.key and keycloak-X.crt inside the secret provided with 'existingSecret'.
## If keystorePassword and truststorePassword are not provided, they will be autogenerated.
##
usePem: false
## @param auth.tls.truststoreFilename Truststore specific filename inside the existing secret
## Note: Setting up this value, you will use the same trustore file in all the replicas
##
truststoreFilename: ""
## @param auth.tls.keystoreFilename Keystore specific filename inside the existing secret
## Note: Setting up this value, you will use the same trustore file in all the replicas
##
keystoreFilename: ""
## @param auth.tls.jksSecret DEPRECATED. Use `auth.tls.existingSecret` instead
##
jksSecret: ""
## @param auth.tls.keystorePassword Password to access the keystore when it's password-protected
##
keystorePassword: ""
## @param auth.tls.truststorePassword Password to access the truststore when it's password-protected
##
truststorePassword: ""
## Init containers' resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param auth.tls.resources.limits The resources limits for the TLS init container
## @param auth.tls.resources.requests The requested resources for the TLS init container
##
resources:
## Example:
## limits:
## cpu: 100m
## memory: 128Mi
##
limits: {}
## Examples:
## requests:
## cpu: 100m
## memory: 128Mi
##
requests: {}
## @param proxyAddressForwarding Enable Proxy Address Forwarding
## ref: https://www.keycloak.org/docs/latest/server_installation/#_setting-up-a-load-balancer-or-proxy
##
proxyAddressForwarding: false
## Keycloak Service Discovery settings
## ref: https://github.com/bitnami/bitnami-docker-keycloak#cluster-configuration
##
serviceDiscovery:
## @param serviceDiscovery.enabled Enable Service Discovery for Keycloak (required if `replicaCount` > `1`)
##
enabled: false
## @param serviceDiscovery.protocol Sets the protocol that Keycloak nodes would use to discover new peers
## Available protocols can be found at http://www.jgroups.org/javadoc3/org/jgroups/protocols/
##
protocol: kubernetes.KUBE_PING
## @param serviceDiscovery.properties Properties for the discovery protocol set in `serviceDiscovery.protocol` parameter
## List of key=>value pairs
## Example:
## properties:
## - datasource_jndi_name=>"java:jboss/datasources/KeycloakDS"
## - initialize_sql=>"CREATE TABLE IF NOT EXISTS JGROUPSPING ( own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created timestamp default current_timestamp, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))"
##
properties: []
## @param serviceDiscovery.transportStack Transport stack for the discovery protocol set in `serviceDiscovery.protocol` parameter
##
transportStack: tcp
## Keycloak cache settings
## ref: https://github.com/bitnami/bitnami-docker-keycloak#cluster-configuration
##
cache:
## @param cache.ownersCount Number of nodes that will replicate cached data
##
ownersCount: 1
## @param cache.authOwnersCount Number of nodes that will replicate cached authentication data
##
authOwnersCount: 1
## @param configuration Keycloak Configuration. Auto-generated based on other parameters when not specified
## Specify content for standalone-ha.xml
## NOTE: This will override configuring Keycloak based on environment variables (including those set by the chart)
## The standalone-ha.xml is auto-generated based on other parameters when this parameter is not specified
##
## Example:
## configuration: |-
## foo: bar
## baz:
##
configuration: ""
## @param existingConfigmap Name of existing ConfigMap with Keycloak configuration
## NOTE: When it's set the configuration parameter is ignored
##
existingConfigmap: ""
## @param extraStartupArgs Extra default startup args
##
extraStartupArgs: ""
## @param initdbScripts Dictionary of initdb scripts
## Specify dictionary of scripts to be run at first boot
## ref: https://github.com/bitnami/bitnami-docker-keycloak#initializing-a-new-instance
## Example:
## initdbScripts:
## my_init_script.sh: |
## #!/bin/bash
## echo "Do something."
##
initdbScripts: {}
## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`)
##
initdbScriptsConfigMap: ""
## @param command Override default container command (useful when using custom images)
##
command: []
## @param args Override default container args (useful when using custom images)
##
args: []
## @param extraEnvVars Extra environment variables to be set on Keycloak container
## Example:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Name of existing Secret containing extra env vars
##
extraEnvVarsSecret: ""
## @section Keycloak statefulset parameters
## @param replicaCount Number of Keycloak replicas to deploy
##
replicaCount: 1
## @param containerPorts.http Keycloak HTTP container port
## @param containerPorts.https Keycloak HTTPS container port
## @param containerPorts.management Keycloak management HTTP container port
##
containerPorts:
http: 8080
https: 8443
management: 9990
## Keycloak pods' SecurityContext
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enabled Keycloak pods' Security Context
## @param podSecurityContext.fsGroup Set Keycloak pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroup: 1001
## Keycloak containers' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled Keycloak containers' Security Context
## @param containerSecurityContext.runAsUser Set Keycloak container's Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set Keycloak container's Security Context runAsNonRoot
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
## Keycloak resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param resources.limits The resources limits for the Keycloak containers
## @param resources.requests The requested resources for the Keycloak containers
##
resources:
limits: {}
requests: {}
## Configure extra options for Keycloak containers' liveness, readiness and startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
## @param livenessProbe.enabled Enable livenessProbe on Keycloak containers
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 300
periodSeconds: 1
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
## @param readinessProbe.enabled Enable readinessProbe on Keycloak containers
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
successThreshold: 1
## When enabling this, make sure to set initialDelaySeconds to 0 for livenessProbe and readinessProbe
## @param startupProbe.enabled Enable startupProbe on Keycloak containers
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param startupProbe.periodSeconds Period seconds for startupProbe
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param startupProbe.failureThreshold Failure threshold for startupProbe
## @param startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 60
successThreshold: 1
## @param customLivenessProbe Custom Liveness probes for Keycloak
##
customLivenessProbe: {}
## @param customReadinessProbe Custom Rediness probes Keycloak
##
customReadinessProbe: {}
## @param customStartupProbe Custom Startup probes for Keycloak
##
customStartupProbe: {}
## @param lifecycleHooks LifecycleHooks to set additional configuration at startup
##
lifecycleHooks: {}
## @param hostAliases Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param podLabels Extra labels for Keycloak pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param podAnnotations Annotations for Keycloak pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set.
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## @param nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param tolerations Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
##
topologySpreadConstraints: {}
## @param podManagementPolicy Pod management policy for the Keycloak statefulset
##
podManagementPolicy: Parallel
## @param priorityClassName Keycloak pods' Priority Class Name
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
## @param schedulerName Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param terminationGracePeriodSeconds Seconds Keycloak pod needs to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds: ""
## @param updateStrategy.type Keycloak statefulset strategy type
## @param updateStrategy.rollingUpdate Keycloak statefulset rolling update configuration parameters
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy:
type: RollingUpdate
rollingUpdate: {}
## @param extraVolumes Optionally specify extra list of additional volumes for Keycloak pods
##
extraVolumes: []
## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for Keycloak container(s)
##
extraVolumeMounts: []
## @param initContainers Add additional init containers to the Keycloak pods
## Example:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
initContainers: []
## @param sidecars Add additional sidecar containers to the Keycloak pods
## Example:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @section Exposure parameters
##
## Service configuration
##
service:
## @param service.type Kubernetes service type
##
type: LoadBalancer
## @param service.ports.http Keycloak service HTTP port
## @param service.ports.https Keycloak service HTTPS port
##
ports:
http: 80
https: 443
## @param service.nodePorts [object] Specify the nodePort values for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
nodePorts:
http: ""
https: ""
## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
## Values: ClientIP or None
## ref: https://kubernetes.io/docs/user-guide/services/
##
sessionAffinity: None
## @param service.clusterIP Keycloak service clusterIP IP
## e.g:
## clusterIP: None
##
clusterIP: ""
## @param service.loadBalancerIP loadBalancerIP for the SuiteCRM Service (optional, cloud specific)
## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer
##
loadBalancerIP: ""
## @param service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## Example:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param service.externalTrafficPolicy Enable client source IP preservation
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.annotations Additional custom annotations for Keycloak service
##
annotations: {}
## @param service.extraPorts Extra port to expose on Keycloak service
##
extraPorts: []
## Keycloak ingress parameters
## ref: https://kubernetes.io/docs/user-guide/ingress/
##
ingress:
## @param ingress.enabled Enable ingress record generation for Keycloak
##
enabled: false
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
ingressClassName: ""
## @param ingress.pathType Ingress path type
##
pathType: ImplementationSpecific
## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
##
apiVersion: ""
## @param ingress.hostname Default host for the ingress record
##
hostname: keycloak.local
## @param ingress.path Default path for the ingress record
##
path: /
## @param ingress.servicePort Backend service port to use
## Default is http. Alternative is https.
##
servicePort: http
## @param ingress.annotations [object] Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## Use this parameter to set the required annotations for cert-manager, see
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
## e.g:
## annotations:
## kubernetes.io/ingress.class: nginx
## cert-manager.io/cluster-issuer: cluster-issuer-name
##
annotations: {}
## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
## You can:
## - Use the `ingress.secrets` parameter to create this TLS secret
## - Relay on cert-manager to create it by setting the corresponding annotations
## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
##
tls: false
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
##
selfSigned: false
## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
## e.g:
## extraHosts:
## - name: keycloak.local
## path: /
##
extraHosts: []
## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host.
## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
##
extraPaths: []
## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## extraTls:
## - hosts:
## - keycloak.local
## secretName: keycloak.local-tls
##
extraTls: []
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## e.g:
## - name: keycloak.local-tls
## key:
## certificate:
##
secrets: []
## Network Policy configuration
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param networkPolicy.enabled Enable the default NetworkPolicy policy
##
enabled: false
## @param networkPolicy.allowExternal Don't require client label for connections
## The Policy model to apply. When set to false, only pods with the correct
## client label will have network access to the ports Keycloak is listening
## on. When true, Keycloak will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param networkPolicy.additionalRules Additional NetworkPolicy rules
## Note that all rules are OR-ed.
## Example:
## additionalRules:
## - matchLabels:
## - role: frontend
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
additionalRules: {}
## @section RBAC parameter
## Specifies whether a ServiceAccount should be created
##
serviceAccount:
## @param serviceAccount.create Enable the creation of a ServiceAccount for Keycloak pods
##
create: true
## @param serviceAccount.name Name of the created ServiceAccount
## If not set and create is true, a name is generated using the fullname template
##
name: ""
## @param serviceAccount.automountServiceAccountToken Auto-mount the service account token in the pod
##
automountServiceAccountToken: true
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
##
annotations: {}
## Specifies whether RBAC resources should be created
##
rbac:
## @param rbac.create Whether to create and use RBAC resources or not
##
create: false
## @param rbac.rules Custom RBAC rules
## Example:
## rules:
## - apiGroups:
## - ""
## resources:
## - pods
## verbs:
## - get
## - list
##
rules: []
## @section Other parameters
##
## Keycloak Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
##
pdb:
## @param pdb.create Enable/disable a Pod Disruption Budget creation
##
create: false
## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
##
minAvailable: 1
## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
##
maxUnavailable: ""
## Keycloak Autoscaling configuration
## @param autoscaling.enabled Enable autoscaling for Keycloak
## @param autoscaling.minReplicas Minimum number of Keycloak replicas
## @param autoscaling.maxReplicas Maximum number of Keycloak replicas
## @param autoscaling.targetCPU Target CPU utilization percentage
## @param autoscaling.targetMemory Target Memory utilization percentage
##
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 11
targetCPU: ""
targetMemory: ""
## @section Metrics parameters
##
## Metrics configuration
##
metrics:
## @param metrics.enabled Enable exposing Keycloak statistics
## ref: https://github.com/bitnami/bitnami-docker-keycloak#enabling-statistics
##
enabled: false
## Keycloak metrics service parameters
##
service:
## @param metrics.service.ports.http Metrics service HTTP port
##
ports:
http: 9990
## @param metrics.service.annotations [object] Annotations for enabling prometheus to access the metrics endpoints
##
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "{{ .Values.metrics.service.ports.http }}"
## Prometheus Operator ServiceMonitor configuration
##
serviceMonitor:
## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
##
enabled: false
## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in
##
namespace: ""
## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
##
interval: 30s
## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
## e.g:
## scrapeTimeout: 30s
##
scrapeTimeout: ""
## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus
##
labels: {}
## @param metrics.serviceMonitor.selector Prometheus instance selector labels
## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
##
selector: {}
## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
##
relabelings: []
## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
##
metricRelabelings: []
## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
##
honorLabels: false
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
##
jobLabel: ""
## @section keycloak-config-cli parameters
## Configuration for keycloak-config-cli
## ref: https://github.com/adorsys/keycloak-config-cli
##
keycloakConfigCli:
## @param keycloakConfigCli.enabled Whether to enable keycloak-config-cli job
##
enabled: false
## Bitnami keycloak-config-cli image
## ref: https://hub.docker.com/r/bitnami/keycloak-config-cli/tags/
## @param keycloakConfigCli.image.registry keycloak-config-cli container image registry
## @param keycloakConfigCli.image.repository keycloak-config-cli container image repository
## @param keycloakConfigCli.image.tag keycloak-config-cli container image tag
## @param keycloakConfigCli.image.pullPolicy keycloak-config-cli container image pull policy
## @param keycloakConfigCli.image.pullSecrets keycloak-config-cli container image pull secrets
##
image:
registry: docker.io
repository: bitnami/keycloak-config-cli
tag: 4.9.0-debian-10-r14
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param keycloakConfigCli.annotations [object] Annotations for keycloak-config-cli job
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
annotations:
helm.sh/hook: "post-install,post-upgrade,post-rollback"
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "5"
## @param keycloakConfigCli.command Command for running the container (set to default if not set). Use array form
##
command: []
## @param keycloakConfigCli.args Args for running the container (set to default if not set). Use array form
##
args: []
## @param keycloakConfigCli.hostAliases Job pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## Keycloak config CLI resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param keycloakConfigCli.resources.limits The resources limits for the keycloak-config-cli container
## @param keycloakConfigCli.resources.requests The requested resources for the keycloak-config-cli container
##
resources:
limits: {}
requests: {}
## keycloak-config-cli containers' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param keycloakConfigCli.containerSecurityContext.enabled Enabled keycloak-config-cli containers' Security Context
## @param keycloakConfigCli.containerSecurityContext.runAsUser Set keycloak-config-cli container's Security Context runAsUser
## @param keycloakConfigCli.containerSecurityContext.runAsNonRoot Set keycloak-config-cli container's Security Context runAsNonRoot
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
## keycloak-config-cli pods' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param keycloakConfigCli.podSecurityContext.enabled Enabled keycloak-config-cli pods' Security Context
## @param keycloakConfigCli.podSecurityContext.fsGroup Set keycloak-config-cli pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroup: 1001
## @param keycloakConfigCli.backoffLimit Number of retries before considering a Job as failed
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy
##
backoffLimit: 1
## @param keycloakConfigCli.podLabels Pod extra labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param keycloakConfigCli.podAnnotations Annotations for job pod
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param keycloakConfigCli.extraEnvVars Additional environment variables to set
## Example:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param keycloakConfigCli.extraEnvVarsCM ConfigMap with extra environment variables
##
extraEnvVarsCM: ""
## @param keycloakConfigCli.extraEnvVarsSecret Secret with extra environment variables
##
extraEnvVarsSecret: ""
## @param keycloakConfigCli.extraVolumes Extra volumes to add to the job
##
extraVolumes: []
## @param keycloakConfigCli.extraVolumeMounts Extra volume mounts to add to the container
##
extraVolumeMounts: []
## @param keycloakConfigCli.configuration keycloak-config-cli realms configuration
## NOTE: nil keys will be considered files to import locally
## Example:
## configuration:
## realm1.json: |
## {
## "realm": "realm1",
## "clients": []
## }
## files/realm2.yaml:
## realm3.yaml: |
## realm: realm3
## clients: []
##
configuration: {}
## @param keycloakConfigCli.existingConfigmap ConfigMap with keycloak-config-cli configuration. This will override `keycloakConfigCli.config`
## NOTE: This will override keycloakConfigCli.configuration
##
existingConfigmap: ""
## @section Database parameters
## PostgreSQL chart configuration
## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml
## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart
## @param postgresql.auth.username Name for a custom user to create
## @param postgresql.auth.password Password for the custom user to create
## @param postgresql.auth.database Name for a custom database to create
## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials
## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
##
postgresql:
enabled: true
auth:
username: bn_keycloak
password: ""
database: bitnami_keycloak
existingSecret: ""
architecture: standalone
## External PostgreSQL configuration
## All of these values are only used when postgresql.enabled is set to false
## @param externalDatabase.host Database host
## @param externalDatabase.port Database port number
## @param externalDatabase.user Non-root username for Keycloak
## @param externalDatabase.password Password for the non-root username for Keycloak
## @param externalDatabase.database Keycloak database name
## @param externalDatabase.existingSecret Name of an existing secret resource containing the database credentials
## @param externalDatabase.existingSecretPasswordKey Name of an existing secret key containing the database credentials
##
externalDatabase:
host: ""
port: 5432
user: bn_keycloak
database: bitnami_keycloak
password: ""
existingSecret: ""
existingSecretPasswordKey: ""