# Copyright (c) 2021, 2023, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.

# NOTE: The keycloak image now comes from the bill of materials file (verrazzano-bom.json).

# Container entrypoint: runs kc.sh in "start" mode with the options below.
# Security-relevant options:
#   --http-enabled=true
#       Turns on the plaintext HTTP listener, so TLS has to be terminated in
#       front of the pod (see proxy.mode and ingress.tls further down).
#   --hostname-strict=false / --hostname-strict-https=false
#       Keycloak does not pin a fixed hostname or insist on HTTPS for the URLs
#       it generates; they are derived from the incoming request.
#       NOTE(review): this is only sound when every route to the pod passes
#       through a proxy that sets the Host / forwarded headers itself. Confirm
#       nothing else can reach the HTTP port directly.
#   --spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true
#       Accepts the legacy redirect_uri parameter on the OIDC logout endpoint.
#   --spi-login-protocol-openid-connect-suppress-logout-confirmation-screen=true
#       Skips the logout confirmation page for those legacy logout requests.
#       NOTE(review): both are backward-compatibility switches. Keep each
#       client's valid redirect URI list tight and confirm they are still needed.
command:
  - "/opt/keycloak/bin/kc.sh"
  - "start"
  - "--http-enabled=true"
  - "--hostname-strict=false"
  - "--hostname-strict-https=false"
  - "--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true"
  - "--spi-login-protocol-openid-connect-suppress-logout-confirmation-screen=true"

# Both name overrides are set to the same fixed value, "keycloak".
fullnameOverride: "keycloak"
nameOverride: "keycloak"

# Extra container environment variables. The value is a block scalar (a string),
# not a YAML list, and it contains a template expression; presumably the chart
# renders it before use - verify against the chart.
# Do not put comments inside the block: they would become part of the string.
#   KEYCLOAK_ADMIN           admin user name, fixed in this file.
#   KEYCLOAK_ADMIN_PASSWORD  read from key "password" of Secret "keycloak-http",
#                            so the password itself is not stored here.
#   JAVA_OPTS_APPEND         sets jgroups.dns.query to the chart full name with
#                            a "-headless" suffix.
extraEnv: |
  - name: KEYCLOAK_ADMIN
    value: "keycloakadmin"
  - name: KEYCLOAK_ADMIN_PASSWORD
    valueFrom:
      secretKeyRef:
        name: keycloak-http
        key: password
  - name: JAVA_OPTS_APPEND
    value: >-
      -Djgroups.dns.query={{ include "keycloak.fullname" . }}-headless

# "edge" is the Keycloak proxy mode in which the reverse proxy terminates TLS and
# talks plain HTTP to Keycloak. It matches --http-enabled=true above and means
# Keycloak relies on the forwarded headers that proxy supplies.
proxy:
  mode: edge

# Database connection settings. No password is written here; it is referenced
# through key "userPassword" of the existing Secret "mysql-cluster-secret".
database:
  vendor: mysql
  port: 3306
  username: keycloak
  existingSecret: mysql-cluster-secret
  existingSecretKey: userPassword
  database: keycloak

# Extra pod volumes (block scalar string, same caveat as extraEnv).
# NOTE(review): "keycloak-http" is the same Secret that supplies
# KEYCLOAK_ADMIN_PASSWORD above. Mounting it (see extraVolumeMounts) makes its
# keys readable as files inside the container - confirm that is required.
# NOTE(review): "cacerts" is declared here but has no mount in this file;
# presumably it is mounted elsewhere - verify.
extraVolumes: |
  - name: theme
    emptyDir: {}
  - name: cacerts
    emptyDir: {}
  - name: keycloak-http
    secret:
      secretName: keycloak-http

# Mount points for the "theme" volume and the "keycloak-http" Secret volume.
extraVolumeMounts: |
  - name: theme
    mountPath: /opt/keycloak/themes/oracle
  - name: keycloak-http
    mountPath: /etc/keycloak-http

# Additional container port, named "jgroups", on TCP 7800.
extraPorts:
  - name: jgroups
    containerPort: 7800
    protocol: TCP

# Service port 8083 plus an extra service port 7800 targeting the "jgroups"
# container port.
service:
  port: 8083
  extraPorts:
    - name: jgroups
      port: 7800
      targetPort: jgroups

# Excludes port 7800 from Istio sidecar traffic interception in both directions,
# so traffic on that port bypasses the sidecar and is not covered by any mesh
# mTLS or authorization policy.
# NOTE(review): confirm a NetworkPolicy (or JGroups-level authentication and
# encryption) limits which peers can reach port 7800.
podAnnotations:
  traffic.sidecar.istio.io/excludeInboundPorts: "7800"
  traffic.sidecar.istio.io/excludeOutboundPorts: "7800"

# Ingress for Keycloak. Annotation values are quoted because Kubernetes
# annotation values must be strings.
ingress:
  enabled: true
  annotations:
    kubernetes.io/tls-acme: "true"
    external-dns.alpha.kubernetes.io/ttl: "60"
    nginx.ingress.kubernetes.io/app-root: /auth
    nginx.ingress.kubernetes.io/service-upstream: "true"
    # The dollar-brace namespace placeholder is not Helm template syntax;
    # presumably it is substituted before these values reach Helm - verify.
    nginx.ingress.kubernetes.io/upstream-vhost: "keycloak-http.${namespace}.svc.cluster.local"
    # Cookie-based session affinity: cookie "keycloak", 86400 s lifetime,
    # SameSite=Strict. The conditional-samesite-none annotation is also set;
    # NOTE(review): confirm how it interacts with SameSite=Strict in the
    # ingress-nginx version deployed.
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/proxy-buffer-size: "256k"
    nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none: "true"
    nginx.ingress.kubernetes.io/session-cookie-expires: "86400"
    nginx.ingress.kubernetes.io/session-cookie-max-age: "86400"
    nginx.ingress.kubernetes.io/session-cookie-name: "keycloak"
    nginx.ingress.kubernetes.io/session-cookie-samesite: "Strict"
    # The double-brace expressions below are placeholders filled from other
    # values (dnsTarget, rulesHost, tlsHosts, tlsSecret). They are quoted so the
    # YAML parser does not read the leading brace as a flow mapping.
    external-dns.alpha.kubernetes.io/target: "{{ .Values.dnsTarget }}"
  rules:
    -
      paths:
        - path: /
          pathType: ImplementationSpecific
      host: "{{ .Values.rulesHost }}"
  # TLS for the ingress host; the certificate Secret name comes from tlsSecret.
  tls:
    -
      hosts:
        - "{{ .Values.tlsHosts }}"
      secretName: "{{ .Values.tlsSecret }}"

# Container hardening: no privilege escalation, not privileged, must run as a
# non-root user (UID 1000), and all Linux capabilities dropped.
# NOTE(review): runAsGroup 0 makes the root group the primary GID. Presumably
# the image expects group-0-owned files - confirm, because any group-writable
# root-group file is then writable by this process.
securityContext:
  allowPrivilegeEscalation: false
  privileged: false
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 0
  capabilities:
    drop:
      - ALL

# Pod-level: apply the container runtime's default seccomp profile.
podSecurityContext:
  seccompProfile:
    type: RuntimeDefault

# Number of Keycloak replicas requested by this override.
replicas: 1