Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/main / . / roles / keycloak / vars / main.yml
blob: ead80fbb75d3dc6cf019bdd5f293c87a798daba7 [file] [log] [blame]
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]1# Copyright (c) 2022 VEXXHOST, Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
Michiel Piscaerf2ab55e2024-10-26 00:29:48 +0200[diff] [blame]15_keycloak_ingress_annotations:
16 cert-manager.io/cluster-issuer: "{{ keycloak_ingress_cluster_issuer }}"
17
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]18_keycloak_helm_values:
Mohammed Naser65cda132024-05-02 14:34:08 -0400[diff] [blame]19 # NOTE(mnaser): These workarounds below are needed to allow the Bitnami Helm chart to work with
20 # the upstream image.
21 enableDefaultInitContainers: false
22 containerSecurityContext:
23 readOnlyRootFilesystem: false
24 runAsUser: 1000
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]25 # Note(okozachenko1203): Mysql vendor is not supported by bitnami helm chart. As a workaround,
26 # we have to define jdbc connection string explicitly along side
27 # `externalDatabase` helm values.
28 extraEnvVars:
Mohammed Naserc0ba6662025-01-29 16:39:41 -0500[diff] [blame]29 - name: KC_FEATURES
30 value: "token-exchange,admin-fine-grained-authz"
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]31 - name: KC_PROXY
32 value: edge
33 - name: KC_DB
34 value: mysql
35 - name: KC_DB_URL
36 value: "jdbc:mysql://{{ openstack_helm_endpoints.oslo_db.hosts.default }}.openstack:3306/{{ keycloak_database_name }}"
37 - name: KC_DB_USERNAME
38 value: "{{ keycloak_database_username }}"
39 - name: KC_DB_PASSWORD
40 valueFrom:
41 secretKeyRef:
42 key: db-password
43 name: keycloak-externaldb
44 command:
45 - /opt/keycloak/bin/kc.sh
46 - --verbose
47 - start
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]48 - --health-enabled=true
49 - --http-enabled=true
50 - --http-port=8080
51 - --hostname-strict=false
52 - --spi-events-listener-jboss-logging-success-level=info
53 - --spi-events-listener-jboss-logging-error-level=warn
54 - --transaction-xa-enabled=false
Yaguang Tang2ce13b72024-07-11 09:48:01 +0800[diff] [blame]55 - --metrics-enabled=true
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]56 auth:
57 adminPassword: "{{ keycloak_admin_password }}"
58 adminUser: "{{ keycloak_admin_username }}"
59 externalDatabase:
60 host: "{{ openstack_helm_endpoints.oslo_db.hosts.default }}.openstack"
61 port: 3306
62 database: "{{ keycloak_database_name }}"
63 user: "{{ keycloak_database_username }}"
64 password: "{{ keycloak_database_password }}"
65 image:
66 registry: "{{ atmosphere_images['keycloak'] | vexxhost.kubernetes.docker_image('domain') }}"
67 repository: "{{ atmosphere_images['keycloak'] | vexxhost.kubernetes.docker_image('path') }}"
68 tag: "{{ atmosphere_images['keycloak'] | vexxhost.kubernetes.docker_image('tag') }}"
69 postgresql:
70 enabled: false
71 production: true
72 proxy: edge
Mohammed Naser73dcb9d2024-01-02 16:23:43 -0500[diff] [blame]73 startupProbe:
74 enabled: true
75 initialDelaySeconds: 5
76 failureThreshold: 120
Oleksandr Kozachenko72da0122023-10-17 22:52:39 +0200[diff] [blame]77 nodeSelector:
78 openstack-control-plane: enabled
Yaguang Tang2ce13b72024-07-11 09:48:01 +0800[diff] [blame]79 metrics:
80 enabled: true