keycloak
A Helm chart for Keycloak on Kubernetes
Homepage: https://www.keycloak.org/
Maintainers
Name | Url | |
---|---|---|
Sheogorath | https://shivering-isles.com |
Source Code
- https://git.shivering-isles.com/shivering-isles/infrastructure-gitops
- https://github.com/keycloak/keycloak
Requirements
Kubernetes: >=1.25
Values
Key | Type | Default | Description |
---|---|---|---|
adminIngress | object | {"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/js/","pathType":"ImplementationSpecific"},{"path":"/realms/","pathType":"ImplementationSpecific"},{"path":"/resources/","pathType":"ImplementationSpecific"},{"path":"/robots.txt","pathType":"ImplementationSpecific"},{"path":"/admin/","pathType":"ImplementationSpecific"}]}],"tls":[]} | Optional separate ingress endpoint when keycloak.adminHostname is used |
affinity | object | {} | |
autoscaling.enabled | bool | false | |
autoscaling.maxReplicas | int | 100 | |
autoscaling.minReplicas | int | 1 | |
autoscaling.targetCPUUtilizationPercentage | int | 80 | |
fullnameOverride | string | "" | |
image.pullPolicy | string | "IfNotPresent" | pull policy used for the keycloak container |
image.repository | string | "quay.io/keycloak/keycloak" | Keycloak image to be used |
image.tag | string | "" | Overrides the image tag whose default is the chart appVersion. |
imagePullSecrets | list | [] | |
ingress.annotations | object | {} | |
ingress.className | string | "" | |
ingress.enabled | bool | false | |
ingress.hosts[0].host | string | "chart-example.local" | |
ingress.hosts[0].paths[0].path | string | "/js/" | |
ingress.hosts[0].paths[0].pathType | string | "ImplementationSpecific" | |
ingress.hosts[0].paths[1].path | string | "/realms/" | |
ingress.hosts[0].paths[1].pathType | string | "ImplementationSpecific" | |
ingress.hosts[0].paths[2].path | string | "/resources/" | |
ingress.hosts[0].paths[2].pathType | string | "ImplementationSpecific" | |
ingress.hosts[0].paths[3].path | string | "/robots.txt" | |
ingress.hosts[0].paths[3].pathType | string | "ImplementationSpecific" | |
ingress.tls | list | [] | |
keycloak.adminHostname | string | nil | Optional Admin Hostname, see https://www.keycloak.org/server/hostname#_administration_console |
keycloak.database.password | string | nil | password of the database user |
keycloak.database.type | string | "postgres" | Type of the database, see db at https://www.keycloak.org/server/db#_configuring_a_database |
keycloak.database.url | string | nil | database URL, see db-url at https://www.keycloak.org/server/db#_configuring_a_database jdbc:postgresql://localhost/keycloak |
keycloak.database.username | string | nil | username of the database user |
keycloak.features | list | [] | list of features that should be enabled on the keycloak instance. See features at https://www.keycloak.org/server/containers#_relevant_options |
keycloak.hostname | string | "keycloak.example.com" | Hostname used for the keycloak installation |
metrics.enabled | bool | false | |
metrics.interval | string | nil | |
metrics.scrapeTimeout | string | nil | |
nameOverride | string | "" | |
networkPolicy.create | bool | false | Creates a network policy for inifispan communication, does not take care of database or ingress communication |
nodeSelector | object | {} | |
podAnnotations | object | {} | |
podSecurityContext.runAsNonRoot | bool | true | |
podSecurityContext.seccompProfile.type | string | "RuntimeDefault" | |
replicaCount | int | 1 | |
resources.limits.cpu | string | "2" | |
resources.limits.memory | string | "2Gi" | |
resources.requests.cpu | string | "200m" | |
resources.requests.memory | string | "1Gi" | |
securityContext.allowPrivilegeEscalation | bool | false | |
securityContext.capabilities.drop[0] | string | "ALL" | |
service.type | string | "ClusterIP" | |
serviceAccount.annotations | object | {} | Annotations to add to the service account |
serviceAccount.create | bool | true | Specifies whether a service account should be created |
serviceAccount.name | string | "" | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
tolerations | list | [] |