apps/keycloak/values.yaml

global:
  postgresql:
    auth:
      postgresPassword: "$CHANGEME1"
      username: "keycloak"
      password: "$CHANGEME2"
      database: "keycloak"
keycloak:
  auth:
    adminUser: keycloak
    adminPassword: $CHANGEME3
  production: true
  tls: 
    enabled: false 
    autoGenerated: false
  proxy: edge
  httpRelativePath: "/auth/"
  #postgresql:
  #  primary:
  #    nodeSelector:
  #      infra: "true"
  #    tolerations:
  #      - key: "infra"
  #        operator: "Exists"
  replicaCount: 1
  #nodeSelector:
  #  infra: "true"
  #tolerations:
  #  - key: "infra"
  #    operator: "Exists"
  #resources:
  #  requests:
  #    cpu: "200m"
  #    memory: "512Mi"
  #  limits:
  #    cpu: "4"
  #    memory: "16Gi"
  ingress:
    # If `true`, an Ingress is created
    enabled: true
    #ingressClassName: nginx
    # Ingress annotations
    annotations:
      ## Resolve HTTP 502 error using ingress-nginx:
      ## See https://www.ibm.com/support/pages/502-error-ingress-keycloak-response
      nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
    # List of rules for the Ingress
    hostname: "auth.lab.$DOMAIN"
    # TLS configuration
    extraTls:
      - hosts:
         - auth.lab.$DOMAIN
  
  extraStartupArgs: "--features=preview --log-level=org.keycloak.events:debug"

  extraEnvVars: 
    - name: ONYXIA_RESOURCES_ALLOWED_ORIGINS
      value: "https://datalab.$DOMAIN, http://localhost, http://127.0.0.1"

  initContainers: |
    - name: realm-ext-provider
      image: curlimages/curl
      imagePullPolicy: IfNotPresent
      command:
        - sh
      args:
        - -c
        - |
          curl -L -f -S -o /extensions/onyxia-web.jar https://github.com/InseeFrLab/onyxia/releases/download/v8.4.5/keycloak-theme.jar
      volumeMounts:
        - name: extensions
          mountPath: /extensions

  extraVolumeMounts: |
    - name: extensions
      mountPath: /opt/bitnami/keycloak/providers

  extraVolumes: |
    - name: extensions
      emptyDir: {}

  externalDatabase:
    host: keycloakv3-postgresql
    port: 5432
    user: keycloak
    password: $CHANGEME2
    database: keycloak