infra/manifests/keycloak/values.yaml

global:
  security:
    allowInsecureImages: true

image:
  registry: public.ecr.aws
  repository: bitnami/keycloak
  tag: 26.5.5-debian-12-r0
  digest: ""

auth:
  adminUser: admin
  adminPassword: adminpassword

production: true
proxyHeaders: xforwarded

replicaCount: 1

tls:
  enabled: true
  usePemCerts: true
  autoGenerated: false
  existingSecret: keycloak-crt
  certFilename: tls.crt
  certKeyFilename: tls.key

service:
  type: ClusterIP
  ports:
    http: 8080
    https: 8443

ingress:
  enabled: true
  ingressClassName: traefik
  hostname: keycloak.dvirlabs.com
  path: /
  servicePort: https
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/service.serversscheme: https
  tls: true

postgresql:
  enabled: true
  auth:
    postgresPassword: keycloak-postgres
    password: keycloakpassword
  primary:
    persistence:
      enabled: true
      size: 8Gi
    # Match the live StatefulSet's immutable PVC retention policy
    persistentVolumeClaimRetentionPolicy:
      enabled: true
      whenDeleted: Retain
      whenScaled: Retain

customReadinessProbe:
  httpGet:
    path: /realms/master
    port: https
    scheme: HTTPS
  initialDelaySeconds: 30
  periodSeconds: 10
  timeoutSeconds: 1
  failureThreshold: 3
  successThreshold: 1

extraEnvVars:
  - name: KEYCLOAK_LOGLEVEL
    value: INFO