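# Image settings under the `init` key (the name suggests the chart's init
# container; confirm against the templates).
init:
  image:
    repository: alpine
    # Quoted so the tag stays a string: an unquoted 3.8 is parsed as a float,
    # and a tag such as 3.10 would silently become 3.1.
    # NOTE(review): a tag is mutable; pin the image by digest if the chart's
    # image template allows it.
    tag: "3.8"
    pullPolicy: IfNotPresent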
  # Empty map: no CPU/memory requests or limits are set here. To bound the
  # container, replace {} with the commented example below.
  resources: {}
    # limits:
    #   cpu: "10m"
    #   memory: "32Mi"
    # requests:
    #   cpu: "10m"
    #   memory: "32Mi"

# Cluster DNS domain; presumably used to build in-cluster host names (confirm
# against the templates).
clusterDomain: cluster.local

keycloak:
  # Number of Keycloak pods. The affinity value further down contains a required
  # anti-affinity rule on kubernetes.io/hostname, so each replica needs its own node.
  replicas: 2

  image:
    # NOTE(review): the image is selected by tag only; pin by digest or mirror it
    # to a registry you control if the chart's image template allows it.
    repository: jboss/keycloak
    # Three dot-separated parts, so YAML reads this as a string without quotes;
    # a two-part tag (e.g. 5.0) would need quoting to avoid becoming a float.
    tag: 5.0.0
    # IfNotPresent reuses whatever image the node already cached under this tag;
    # a tag that was re-pushed upstream is not pulled again.
    pullPolicy: IfNotPresent

    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ##
    pullSecrets: []
    # - myRegistryKeySecretName

  # Extra host-name-to-IP entries; empty by default. Presumably passed through to
  # the pod spec's hostAliases (confirm against the templates).
  hostAliases: []
  #  - ip: "1.2.3.4"
  #    hostnames:
  #      - "my.host.com"

  # false: assuming the chart passes this to the pod spec, Kubernetes does not
  # inject the namespace's Service addresses into the pod as environment variables.
  enableServiceLinks: false

  restartPolicy: Always

  serviceAccount:
    # Specifies whether a service account should be created
    create: false
    # The name of the service account to use.
    # If not set and create is true, a name is generated using the fullname template
    # NOTE(review): left empty, so this parses as null; with create: false the pod
    # presumably runs under the namespace's default service account. Confirm.
    name:

  # Pod-level security context. fsGroup 1000 presumably matches the group of the
  # Keycloak user in the image so that mounted volumes are writable; confirm.
  securityContext:
    fsGroup: 1000

  # Container-level security context: the container runs as fixed UID 1000.
  # NOTE(review): if the chart renders this map verbatim, consider also setting
  # allowPrivilegeEscalation: false and dropping all capabilities.
  containerSecurityContext:
    runAsUser: 1000
    # With runAsNonRoot the kubelet refuses to start a container that would run
    # as UID 0.
    runAsNonRoot: true

  ## The path keycloak will be served from. To serve keycloak from the root path, use two quotes (e.g. "").
  basepath: auth

  ## Additional init containers, e. g. for providing custom themes
  # Block scalar holding YAML text; empty here.
  extraInitContainers: |

  ## Additional sidecar containers, e. g. for a database proxy, such as Google's cloudsql-proxy
  # Block scalar holding YAML text; empty here.
  extraContainers: |

  ## Custom script that is run before Keycloak is started.
  # Left empty (parses as null).
  # NOTE(review): per the comment above, whatever is placed here runs before the
  # server starts, so review changes to this value the way you review code.
  preStartScript:

  ## lifecycleHooks defines the container lifecycle hooks
  # The block scalar below holds only commented-out YAML, so no hook is active.
  lifecycleHooks: |
    # postStart:
    #   exec:
    #     command: ["/bin/sh", "-c", "ls"]

  ## Additional arguments to start command e.g. -Dkeycloak.import= to load a realm
  extraArgs: ""

  ## Username for the initial Keycloak admin user
  # NOTE(review): a predictable admin name; the account's protection rests on the
  # admin password configured below.
  username: keycloak

  ## Password for the initial Keycloak admin user. Applicable only if existingSecret is not set.
  ## If not set, a random 10 characters password will be used
  # NOTE(review): prefer existingSecret (below) over writing a password here, so
  # the admin credential never lands in version control or in stored release values.
  password: ""

  # Specifies an existing secret to be used for the admin password
  #existingSecret: ""

  # The key in the existing secret that stores the password
  #existingSecretKey: password

  ## Allows the specification of additional environment variables for Keycloak
  # PROXY_ADDRESS_FORWARDING=true makes the server take the client address and
  # scheme from X-Forwarded-* headers. That is only trustworthy when every
  # request arrives through a reverse proxy that sets or overwrites those headers.
  # Env values must be strings: quote booleans and numbers when enabling the
  # commented examples (DB_VALIDATE_ON_MATCH and DB_USE_CAST_FAIL are unquoted).
  extraEnv: |
    - name: PROXY_ADDRESS_FORWARDING
      value: "true"
    # - name: KEYCLOAK_LOGLEVEL
    #   value: DEBUG
    # - name: WILDFLY_LOGLEVEL
    #   value: DEBUG
    # - name: CACHE_OWNERS
    #   value: "2"
    # - name: DB_QUERY_TIMEOUT
    #   value: "60"
    # - name: DB_VALIDATE_ON_MATCH
    #   value: true
    # - name: DB_USE_CAST_FAIL
    #   value: false

  # Template text: the {{ }} expressions are filled in when the chart renders it.
  # Required rule: pods carrying this release's app/release labels (role not
  # "test") may not share a node (topologyKey kubernetes.io/hostname).
  # Preferred rule: the same selector, spread across zones with weight 100.
  # NOTE(review): failure-domain.beta.kubernetes.io/zone is the older zone label;
  # newer clusters use topology.kubernetes.io/zone. Confirm for your cluster.
  affinity: |
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchLabels:
              app:  {{ template "keycloak.name" . }}
              release: "{{ .Release.Name }}"
            matchExpressions:
              - key: role
                operator: NotIn
                values:
                  - test
          topologyKey: kubernetes.io/hostname
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 100
          podAffinityTerm:
            labelSelector:
              matchLabels:
                app:  {{ template "keycloak.name" . }}
                release: "{{ .Release.Name }}"
              matchExpressions:
                - key: role
                  operator: NotIn
                  values:
                    - test
            topologyKey: failure-domain.beta.kubernetes.io/zone

  # Empty map: pods are not restricted to particular nodes by label.
  nodeSelector: {}
  # Empty string: no PriorityClass is named for the pods.
  priorityClassName: ""
  # Empty list: no tolerations are configured here.
  tolerations: []

  ## Additional pod labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  podLabels: {}

  ## Extra Annotations to be added to pod
  podAnnotations: {}

  # Liveness: first check after 120 s, each check times out after 5 s.
  livenessProbe:
    initialDelaySeconds: 120
    timeoutSeconds: 5
  # Readiness: first check after 30 s, each check times out after 1 s.
  readinessProbe:
    initialDelaySeconds: 30
    timeoutSeconds: 1

  # Empty map: the Keycloak container has no CPU/memory requests or limits.
  # NOTE(review): for an authentication service, consider setting the commented
  # values so a noisy neighbour or a load spike cannot starve or evict it.
  resources: {}
    # limits:
    #   cpu: "100m"
    #   memory: "1024Mi"
    # requests:
    #   cpu: "100m"
    #   memory: "1024Mi"

  ## WildFly CLI configurations. They all end up in the file 'keycloak.cli' configured in the configmap which is
  ## executed on server startup.
  # Each entry is template text; the defaults load a script from the chart's
  # scripts/ directory via .Files.Get.
  # NOTE(review): these scripts reconfigure the server at startup, so review any
  # override of them the way you review code.
  cli:
    nodeIdentifier: |
      {{ .Files.Get "scripts/node-identifier.cli" }}

    logging: |
      {{ .Files.Get "scripts/logging.cli" }}

    reverseProxy: |
      {{ .Files.Get "scripts/reverse-proxy.cli" }}

    ha: |
      {{ .Files.Get "scripts/ha.cli" }}

    datasource: |
      {{ .Files.Get "scripts/datasource.cli" }}

    # Custom CLI script
    # Empty here.
    custom: |

  ## Add additional volumes and mounts, e. g. for custom themes
  # Both are block scalars of YAML text and are empty here.
  # NOTE(review): anything mounted through these values becomes readable by the
  # Keycloak container; hostPath volumes in particular expose node files.
  extraVolumes: |
  extraVolumeMounts: |

  ## Add additional ports, eg. for custom admin console
  extraPorts: |

  # Empty map: no disruption budget is configured; see the commented examples.
  podDisruptionBudget: {}
    # maxUnavailable: 1
    # minAvailable: 1

  service:
    annotations: {}
    # service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0"

    labels: {}
    # key: value

    ## ServiceType
    ## ref: https://kubernetes.io/docs/user-guide/services/#publishing-services---service-types
    # ClusterIP keeps the Service reachable only from inside the cluster;
    # external access goes through the ingress (or route) configured below.
    type: ClusterIP

    ## Optional static port assignment for service type NodePort.
    # nodePort: 30000

    port: 80

    # Optional: jGroups port for high availability clustering
    # NOTE(review): cluster traffic on this port is meant for the Keycloak pods
    # only; consider a NetworkPolicy limiting it to them.
    jgroupsPort: 7600

  ## Ingress configuration.
  ## ref: https://kubernetes.io/docs/user-guide/ingress/
  ingress:
    # Enabled: the hosts listed under `hosts` are published through the ingress.
    enabled: true
    path: /

    annotations: {}
      # kubernetes.io/ingress.class: nginx
      # kubernetes.io/tls-acme: "true"
      # ingress.kubernetes.io/affinity: cookie

    labels: {}
    # key: value

    ## List of hosts for the ingress
    hosts:
      - auth.corp.justin-tech.com
      - auth.justin-tech.com

    ## TLS configuration
    # NOTE(review): empty while the ingress is enabled, so this ingress declares
    # no certificate for its hosts. Unless TLS is terminated in front of it (or
    # the controller supplies a default certificate), logins and tokens would
    # travel over plain HTTP. Fill this in following the example below.
    tls: []
    # - hosts:
    #     - keycloak.example.com
    #   secretName: tls-keycloak

  ## OpenShift route configuration.
  ## ref: https://docs.openshift.com/container-platform/3.11/architecture/networking/routes.html
  route:
    # Disabled here; the settings below take effect only when set to true.
    enabled: false
    path: /

    annotations: {}
      # kubernetes.io/tls-acme: "true"
      # haproxy.router.openshift.io/disable_cookies: "true"
      # haproxy.router.openshift.io/balance: roundrobin

    labels: {}
      # key: value

    # Host name for the route
    # Left empty (parses as null).
    host:

    # TLS configuration
    # Edge termination: TLS ends at the router, so traffic from the router to the
    # pod is not encrypted by this setting. Redirect sends plain-HTTP clients to
    # HTTPS instead of serving them.
    tls:
      enabled: true
      insecureEdgeTerminationPolicy: Redirect
      termination: edge

  ## Persistence configuration
  persistence:
    # If true, the Postgres chart is deployed
    deployPostgres: true

    # The database vendor. Can be either "postgres", "mysql", "mariadb", or "h2"
    dbVendor: postgres

    ## The following values only apply if "deployPostgres" is set to "false"

    # Specifies an existing secret to be used for the database password
    #existingSecret: ""

    # The key in the existing secret that stores the password
    #existingSecretKey: password

    #dbName: keycloak
    #dbHost: mykeycloak
    #dbPort: 5432
    #dbUser: keycloak

    # Only used if no existing secret is specified. In this case a new secret is created
    # NOTE(review): when pointing at an external database, prefer existingSecret
    # over a literal here so the password is not committed with the values file.
    dbPassword: ""

# Values under this key are read by the Postgres chart that deployPostgres enables.
postgresql:
  ### PostgreSQL User to create.
  ##
  postgresUser: keycloak

  ## PostgreSQL Password for the new user.
  ## If not set, a random 10 characters password will be used.
  ##
  # NOTE(review): a generated 10-character password is on the short side for a
  # database credential; consider supplying a longer one from a secret store at
  # install time rather than committing it here.
  postgresPassword: ""

  ## PostgreSQL Database to create.
  ##
  postgresDatabase: keycloak

  ## Persistent Volume Storage configuration.
  ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes
  ##
  persistence:
    ## Enable PostgreSQL persistence using Persistent Volume Claims.
    ##
    enabled: true
    # Site-specific storage class; the database files (all Keycloak realm and
    # credential data) live on volumes it provisions.
    storageClass: "nfs-client"
    accessMode: ReadWriteOnce
    size: 10Gi

test:
  # NOTE(review): enables the chart's test resources, which use the third-party
  # image configured below; set to false where chart tests are not run.
  enabled: true
  # Third-party image referenced by a mutable tag (v1).
  # NOTE(review): pin it by digest or mirror it to a registry you control if the
  # tests run in a cluster that holds real credentials.
  image:
    repository: unguiculus/docker-python3-phantomjs-selenium
    tag: v1
    # IfNotPresent reuses an image already cached on the node under this tag.
    pullPolicy: IfNotPresent
  # Same non-root settings as the keycloak section: fsGroup 1000 for the pod,
  # UID 1000 and runAsNonRoot for the container.
  securityContext:
    fsGroup: 1000
  containerSecurityContext:
    runAsUser: 1000
    runAsNonRoot: true