infra/manifests/keycloak/values.yaml

global:
  security:
    allowInsecureImages: true

image:
  registry: public.ecr.aws
  repository: bitnami/keycloak
  tag: 26.5.5-debian-12-r0
  digest: ""

auth:
  adminUser: admin
  adminPassword: adminpassword

production: true
proxyHeaders: xforwarded

replicaCount: 1

tls:
  enabled: true
  usePem: true
  autoGenerated: true
  # existingSecret: keycloak-crt  # Removed - using auto-generated certificate instead
  certFilename: tls.crt
  certKeyFilename: tls.key

service:
  type: ClusterIP
  ports:
    http: 8080
    https: 8443

ingress:
  enabled: true
  ingressClassName: traefik
  hostname: keycloak.dvirlabs.com
  path: /
  servicePort: https
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/service.serversscheme: https
    traefik.ingress.kubernetes.io/service.serverstransport: infra-keycloak-insecure@kubernetescrd
  tls: true

postgresql:
  enabled: true
  auth:
    postgresPassword: keycloak-postgres
    password: keycloakpassword
  primary:
    persistence:
      enabled: true
      storageClass: nfs-client
      size: 8Gi
    persistentVolumeClaimRetentionPolicy:
      enabled: true
      whenDeleted: Retain
      whenScaled: Retain

customStartupProbe:
  httpGet:
    path: /realms/master
    port: https
    scheme: HTTPS
  initialDelaySeconds: 30
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 18
  successThreshold: 1

customLivenessProbe:
  httpGet:
    path: /realms/master
    port: https
    scheme: HTTPS
  initialDelaySeconds: 120
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 6
  successThreshold: 1

customReadinessProbe:
  httpGet:
    path: /realms/master
    port: https
    scheme: HTTPS
  initialDelaySeconds: 60
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 12
  successThreshold: 1

extraEnvVars:
  - name: KEYCLOAK_LOGLEVEL
    value: INFO

configuration: ""
existingConfigmap: ""