roles/keycloak/vars/main.yml - atmosphere - Gitiles

 # Copyright (c) 2022 VEXXHOST, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
 # a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.

 _keycloak_ingress_annotations:
   cert-manager.io/cluster-issuer: "{{ keycloak_ingress_cluster_issuer }}"

 _keycloak_helm_values:
   # NOTE(mnaser): These workarounds below are needed to allow the Bitnami Helm chart to work with
   #               the upstream image.
   enableDefaultInitContainers: false
   containerSecurityContext:
     readOnlyRootFilesystem: false
     runAsUser: 1000
   # Note(okozachenko1203): Mysql vendor is not supported by bitnami helm chart. As a workaround,
   #                        we have to define jdbc connection string explicitly along side
   #                        `externalDatabase` helm values.
   extraEnvVars:
     - name: KC_FEATURES
       value: "token-exchange,admin-fine-grained-authz"
     - name: KC_PROXY
       value: edge
     - name: KC_DB
       value: mysql
     - name: KC_DB_URL
       value: "jdbc:mysql://{{ openstack_helm_endpoints.oslo_db.hosts.default }}.openstack:3306/{{ keycloak_database_name }}"
     - name: KC_DB_USERNAME
       value: "{{ keycloak_database_username }}"
     - name: KC_DB_PASSWORD
       valueFrom:
         secretKeyRef:
           key: db-password
           name: keycloak-externaldb
   command:
     - /opt/keycloak/bin/kc.sh
     - --verbose
     - start
     - --health-enabled=true
     - --http-enabled=true
     - --http-port=8080
     - --hostname-strict=false
     - --spi-events-listener-jboss-logging-success-level=info
     - --spi-events-listener-jboss-logging-error-level=warn
     - --transaction-xa-enabled=false
     - --metrics-enabled=true
   auth:
     adminPassword: "{{ keycloak_admin_password }}"
     adminUser: "{{ keycloak_admin_username }}"
   externalDatabase:
     host: "{{ openstack_helm_endpoints.oslo_db.hosts.default }}.openstack"
     port: 3306
     database: "{{ keycloak_database_name }}"
     user: "{{ keycloak_database_username }}"
     password: "{{ keycloak_database_password }}"
   image:
     registry: "{{ atmosphere_images['keycloak'] | vexxhost.kubernetes.docker_image('domain') }}"
     repository: "{{ atmosphere_images['keycloak'] | vexxhost.kubernetes.docker_image('path') }}"
     tag: "{{ atmosphere_images['keycloak'] | vexxhost.kubernetes.docker_image('tag') }}"
   postgresql:
     enabled: false
   production: true
   proxy: edge
   startupProbe:
     enabled: true
     initialDelaySeconds: 5
     failureThreshold: 120
   nodeSelector:
     openstack-control-plane: enabled
   metrics:
     enabled: true
	# Copyright (c) 2022 VEXXHOST, Inc.
	#
	# Licensed under the Apache License, Version 2.0 (the "License"); you may
	# not use this file except in compliance with the License. You may obtain
	# a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
	# License for the specific language governing permissions and limitations
	# under the License.

	_keycloak_ingress_annotations:
	cert-manager.io/cluster-issuer: "{{ keycloak_ingress_cluster_issuer }}"

	_keycloak_helm_values:
	# NOTE(mnaser): These workarounds below are needed to allow the Bitnami Helm chart to work with
	# the upstream image.
	enableDefaultInitContainers: false
	containerSecurityContext:
	readOnlyRootFilesystem: false
	runAsUser: 1000
	# Note(okozachenko1203): Mysql vendor is not supported by bitnami helm chart. As a workaround,
	# we have to define jdbc connection string explicitly along side
	# `externalDatabase` helm values.
	extraEnvVars:
	- name: KC_FEATURES
	value: "token-exchange,admin-fine-grained-authz"
	- name: KC_PROXY
	value: edge
	- name: KC_DB
	value: mysql
	- name: KC_DB_URL
	value: "jdbc:mysql://{{ openstack_helm_endpoints.oslo_db.hosts.default }}.openstack:3306/{{ keycloak_database_name }}"
	- name: KC_DB_USERNAME
	value: "{{ keycloak_database_username }}"
	- name: KC_DB_PASSWORD
	valueFrom:
	secretKeyRef:
	key: db-password
	name: keycloak-externaldb
	command:
	- /opt/keycloak/bin/kc.sh
	- --verbose
	- start
	- --health-enabled=true
	- --http-enabled=true
	- --http-port=8080
	- --hostname-strict=false
	- --spi-events-listener-jboss-logging-success-level=info
	- --spi-events-listener-jboss-logging-error-level=warn
	- --transaction-xa-enabled=false
	- --metrics-enabled=true
	auth:
	adminPassword: "{{ keycloak_admin_password }}"
	adminUser: "{{ keycloak_admin_username }}"
	externalDatabase:
	host: "{{ openstack_helm_endpoints.oslo_db.hosts.default }}.openstack"
	port: 3306
	database: "{{ keycloak_database_name }}"
	user: "{{ keycloak_database_username }}"
	password: "{{ keycloak_database_password }}"
	image:
	registry: "{{ atmosphere_images['keycloak'] \| vexxhost.kubernetes.docker_image('domain') }}"
	repository: "{{ atmosphere_images['keycloak'] \| vexxhost.kubernetes.docker_image('path') }}"
	tag: "{{ atmosphere_images['keycloak'] \| vexxhost.kubernetes.docker_image('tag') }}"
	postgresql:
	enabled: false
	production: true
	proxy: edge
	startupProbe:
	enabled: true
	initialDelaySeconds: 5
	failureThreshold: 120
	nodeSelector:
	openstack-control-plane: enabled
	metrics:
	enabled: true