Set keycloak with http instead https for traefik and keep https for users (external

2026-03-15 06:39:32 +02:00 · 2026-03-15 06:39:32 +02:00 · b6ea4d2615
commit b6ea4d2615
parent d490cd1386
1 changed files with 8 additions and 15 deletions
--- a/manifests/keycloak/values.yaml
+++ b/manifests/keycloak/values.yaml
@ -18,12 +18,7 @@ proxyHeaders: xforwarded
 replicaCount: 1

 tls:
-  enabled: true
-  usePem: true
-  autoGenerated: true
-  # existingSecret: keycloak-crt  # Removed - using auto-generated certificate instead
-  certFilename: tls.crt
-  certKeyFilename: tls.key
+  enabled: false

 service:
  type: ClusterIP
@ -36,12 +31,10 @@ ingress:
  ingressClassName: traefik
  hostname: keycloak.dvirlabs.com
  path: /
-  servicePort: https
+  servicePort: http
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
-    traefik.ingress.kubernetes.io/service.serversscheme: https
-    traefik.ingress.kubernetes.io/service.serverstransport: infra-keycloak-insecure@kubernetescrd
  tls: true

 postgresql:
@ -62,8 +55,8 @@ postgresql:
 customStartupProbe:
  httpGet:
    path: /realms/master
-    port: https
-    scheme: HTTPS
+    port: http
+    scheme: HTTP
  initialDelaySeconds: 30
  periodSeconds: 10
  timeoutSeconds: 5
@ -73,8 +66,8 @@ customStartupProbe:
 customLivenessProbe:
  httpGet:
    path: /realms/master
-    port: https
-    scheme: HTTPS
+    port: http
+    scheme: HTTP
  initialDelaySeconds: 120
  periodSeconds: 10
  timeoutSeconds: 5
@ -84,8 +77,8 @@ customLivenessProbe:
 customReadinessProbe:
  httpGet:
    path: /realms/master
-    port: https
-    scheme: HTTPS
+    port: http
+    scheme: HTTP
  initialDelaySeconds: 60
  periodSeconds: 10
  timeoutSeconds: 5