keycloak values.yaml
📜
fullnameOverride📜
Type: string
""
nameOverride📜
Type: string
""
replicas📜
Type: int
1
image.repository📜
Type: string
"registry1.dso.mil/ironbank/opensource/keycloak/keycloak"
image.tag📜
Type: string
"21.1.2"
image.pullPolicy📜
Type: string
"IfNotPresent"
imagePullSecrets[0].name📜
Type: string
"private-registry"
hostAliases📜
Type: list
[]
Default value (formatted)
[]
enableServiceLinks📜
Type: bool
true
podManagementPolicy📜
Type: string
"Parallel"
updateStrategy📜
Type: string
"RollingUpdate"
restartPolicy📜
Type: string
"Always"
serviceAccount.create📜
Type: bool
true
serviceAccount.name📜
Type: string
""
serviceAccount.annotations📜
Type: object
{}
Default value (formatted)
{}
serviceAccount.labels📜
Type: object
{}
Default value (formatted)
{}
serviceAccount.imagePullSecrets📜
Type: list
[]
Default value (formatted)
[]
rbac.create📜
Type: bool
false
rbac.rules📜
Type: list
[]
Default value (formatted)
[]
podSecurityContext.fsGroup📜
Type: int
1000
podSecurityContext.runAsUser📜
Type: int
1000
podSecurityContext.runAsGroup📜
Type: int
1000
podSecurityContext.runAsNonRoot📜
Type: bool
true
securityContext.runAsUser📜
Type: int
1000
securityContext.runAsGroup📜
Type: int
1000
securityContext.runAsNonRoot📜
Type: bool
true
securityContext.capabilities.drop[0]📜
Type: string
"ALL"
extraInitContainers📜
Type: string
""
skipInitContainers📜
Type: bool
false
extraContainers📜
Type: string
""
lifecycleHooks📜
Type: string
""
terminationGracePeriodSeconds📜
Type: int
60
clusterDomain📜
Type: string
"cluster.local"
command[0]📜
Type: string
"/opt/keycloak/bin/kc.sh"
args[0]📜
Type: string
"start"
extraEnv📜
Type: string
""
extraEnvFrom📜
Type: string
"- secretRef:\n name: '{{ include \"keycloak.fullname\" . }}-env'\n"
Default value (formatted)
- secretRef:
name: '{{ include \"keycloak.fullname\" . }}-env'
priorityClassName📜
Type: string
""
affinity📜
Type: string
"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n {{- include \"keycloak.selectorLabels\" . \| nindent 10 }}\n matchExpressions:\n - key: app.kubernetes.io/component\n operator: NotIn\n values:\n - test\n topologyKey: kubernetes.io/hostname\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 100\n podAffinityTerm:\n labelSelector:\n matchLabels:\n {{- include \"keycloak.selectorLabels\" . \| nindent 12 }}\n matchExpressions:\n - key: app.kubernetes.io/component\n operator: NotIn\n values:\n - test\n topologyKey: failure-domain.beta.kubernetes.io/zone\n"
Default value (formatted)
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
{{- include \"keycloak.selectorLabels\" . \| nindent 10 }}
matchExpressions:
- key: app.kubernetes.io/component
operator: NotIn
values:
- test
topologyKey: kubernetes.io/hostname
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
{{- include \"keycloak.selectorLabels\" . \| nindent 12 }}
matchExpressions:
- key: app.kubernetes.io/component
operator: NotIn
values:
- test
topologyKey: failure-domain.beta.kubernetes.io/zone
topologySpreadConstraints📜
Type: string
nil
nodeSelector📜
Type: object
{}
Default value (formatted)
{}
tolerations📜
Type: list
[]
Default value (formatted)
[]
podLabels📜
Type: object
{}
Default value (formatted)
{}
podAnnotations📜
Type: object
{}
Default value (formatted)
{}
livenessProbe📜
Type: string
"httpGet:\n path: /auth/realms/master\n port: http\n scheme: HTTP\nfailureThreshold: 15\ntimeoutSeconds: 2\nperiodSeconds: 15\n"
Default value (formatted)
httpGet:
path: /auth/realms/master
port: http
scheme: HTTP
failureThreshold: 15
timeoutSeconds: 2
periodSeconds: 15
readinessProbe📜
Type: string
"httpGet:\n path: /auth/realms/master\n port: http\n scheme: HTTP\nfailureThreshold: 15\ntimeoutSeconds: 2\n"
Default value (formatted)
httpGet:
path: /auth/realms/master
port: http
scheme: HTTP
failureThreshold: 15
timeoutSeconds: 2
startupProbe📜
Type: string
"httpGet:\n path: /auth/realms/master\n port: http\ninitialDelaySeconds: 90\ntimeoutSeconds: 2\nfailureThreshold: 60\nperiodSeconds: 5\n"
Default value (formatted)
httpGet:
path: /auth/realms/master
port: http
initialDelaySeconds: 90
timeoutSeconds: 2
failureThreshold: 60
periodSeconds: 5
resources.requests.cpu📜
Type: string
"1"
resources.requests.memory📜
Type: string
"1Gi"
resources.limits.cpu📜
Type: string
"1"
resources.limits.memory📜
Type: string
"1Gi"
extraVolumes📜
Type: string
""
extraVolumesBigBang📜
Type: object
{}
Default value (formatted)
{}
extraVolumeMounts📜
Type: string
""
extraVolumeMountsBigBang📜
Type: object
{}
Default value (formatted)
{}
extraPorts📜
Type: list
[]
Default value (formatted)
[]
podDisruptionBudget📜
Type: object
{}
Default value (formatted)
{}
statefulsetAnnotations📜
Type: object
{}
Default value (formatted)
{}
statefulsetLabels📜
Type: object
{}
Default value (formatted)
{}
secrets.env.stringData.JAVA_TOOL_OPTIONS📜
Type: string
"-Dcom.redhat.fips=false"
secrets.env.stringData.KEYCLOAK_ADMIN📜
Type: string
"admin"
secrets.env.stringData.KEYCLOAK_ADMIN_PASSWORD📜
Type: string
"password"
secrets.env.stringData.JAVA_OPTS_APPEND📜
Type: string
"-Djgroups.dns.query={{ include \"keycloak.fullname\" . }}-headless"
service.annotations📜
Type: object
{}
Default value (formatted)
{}
service.labels📜
Type: object
{}
Default value (formatted)
{}
service.type📜
Type: string
"ClusterIP"
service.loadBalancerIP📜
Type: string
""
service.httpPort📜
Type: int
80
service.httpNodePort📜
Type: string
nil
service.httpsPort📜
Type: int
8443
service.httpsNodePort📜
Type: string
nil
service.extraPorts📜
Type: list
[]
Default value (formatted)
[]
service.loadBalancerSourceRanges📜
Type: list
[]
Default value (formatted)
[]
service.externalTrafficPolicy📜
Type: string
"Cluster"
service.sessionAffinity📜
Type: string
""
service.sessionAffinityConfig📜
Type: object
{}
Default value (formatted)
{}
ingress.enabled📜
Type: bool
false
ingress.ingressClassName📜
Type: string
""
ingress.servicePort📜
Type: string
"http"
ingress.annotations📜
Type: object
{}
Default value (formatted)
{}
ingress.labels📜
Type: object
{}
Default value (formatted)
{}
ingress.rules[0].host📜
Type: string
"{{ .Release.Name }}.keycloak.example.com"
ingress.rules[0].paths[0].path📜
Type: string
"/"
ingress.rules[0].paths[0].pathType📜
Type: string
"Prefix"
ingress.console.enabled📜
Type: bool
false
ingress.console.ingressClassName📜
Type: string
""
ingress.console.annotations📜
Type: object
{}
Default value (formatted)
{}
ingress.console.rules[0].host📜
Type: string
"{{ .Release.Name }}.keycloak.example.com"
ingress.console.rules[0].paths[0].path📜
Type: string
"/auth/admin/"
ingress.console.rules[0].paths[0].pathType📜
Type: string
"Prefix"
ingress.console.tls📜
Type: list
[]
Default value (formatted)
[]
networkPolicy.enabled📜
Type: bool
false
networkPolicy.labels📜
Type: object
{}
Default value (formatted)
{}
networkPolicy.extraFrom📜
Type: list
[]
Default value (formatted)
[]
route.enabled📜
Type: bool
false
route.path📜
Type: string
"/"
route.annotations📜
Type: object
{}
Default value (formatted)
{}
route.labels📜
Type: object
{}
Default value (formatted)
{}
route.host📜
Type: string
""
route.tls.enabled📜
Type: bool
true
route.tls.insecureEdgeTerminationPolicy📜
Type: string
"Redirect"
route.tls.termination📜
Type: string
"edge"
pgchecker.image.repository📜
Type: string
"registry1.dso.mil/ironbank/opensource/postgres/postgresql12"
pgchecker.image.tag📜
Type: float
12.15
pgchecker.image.pullPolicy📜
Type: string
"IfNotPresent"
pgchecker.securityContext.allowPrivilegeEscalation📜
Type: bool
false
pgchecker.securityContext.runAsUser📜
Type: int
1000
pgchecker.securityContext.runAsGroup📜
Type: int
1000
pgchecker.securityContext.runAsNonRoot📜
Type: bool
true
pgchecker.securityContext.capabilities.drop[0]📜
Type: string
"ALL"
pgchecker.resources.requests.cpu📜
Type: string
"20m"
pgchecker.resources.requests.memory📜
Type: string
"32Mi"
pgchecker.resources.limits.cpu📜
Type: string
"20m"
pgchecker.resources.limits.memory📜
Type: string
"32Mi"
postgresql.enabled📜
Type: bool
true
postgresql.postgresqlUsername📜
Type: string
"keycloak"
postgresql.postgresqlPassword📜
Type: string
"keycloak"
postgresql.postgresqlDatabase📜
Type: string
"keycloak"
postgresql.networkPolicy.enabled📜
Type: bool
false
postgresql.global.imagePullSecrets[0]📜
Type: string
"private-registry"
postgresql.image.registry📜
Type: string
"registry1.dso.mil"
postgresql.image.repository📜
Type: string
"ironbank/opensource/postgres/postgresql12"
postgresql.image.tag📜
Type: float
12.15
postgresql.securityContext.enabled📜
Type: bool
true
postgresql.securityContext.fsGroup📜
Type: int
26
postgresql.securityContext.runAsUser📜
Type: int
1000
postgresql.securityContext.runAsGroup📜
Type: int
1000
postgresql.containerSecurityContext.enabled📜
Type: bool
true
postgresql.containerSecurityContext.runAsUser📜
Type: int
26
postgresql.containerSecurityContext.capabilities.drop[0]📜
Type: string
"ALL"
postgresql.resources.requests.cpu📜
Type: string
"250m"
postgresql.resources.requests.memory📜
Type: string
"256Mi"
postgresql.resources.limits.cpu📜
Type: string
"250m"
postgresql.resources.limits.memory📜
Type: string
"256Mi"
serviceMonitor.enabled📜
Type: bool
false
serviceMonitor.namespace📜
Type: string
""
serviceMonitor.namespaceSelector📜
Type: object
{}
Default value (formatted)
{}
serviceMonitor.annotations📜
Type: object
{}
Default value (formatted)
{}
serviceMonitor.labels📜
Type: object
{}
Default value (formatted)
{}
serviceMonitor.interval📜
Type: string
"10s"
serviceMonitor.scrapeTimeout📜
Type: string
"10s"
serviceMonitor.path📜
Type: string
"/metrics"
serviceMonitor.port📜
Type: string
"http"
serviceMonitor.scheme📜
Type: string
""
serviceMonitor.tlsConfig📜
Type: object
{}
Default value (formatted)
{}
extraServiceMonitor.enabled📜
Type: bool
false
extraServiceMonitor.namespace📜
Type: string
""
extraServiceMonitor.namespaceSelector📜
Type: object
{}
Default value (formatted)
{}
extraServiceMonitor.annotations📜
Type: object
{}
Default value (formatted)
{}
extraServiceMonitor.labels📜
Type: object
{}
Default value (formatted)
{}
extraServiceMonitor.interval📜
Type: string
"10s"
extraServiceMonitor.scrapeTimeout📜
Type: string
"10s"
extraServiceMonitor.path📜
Type: string
"/auth/realms/master/metrics"
extraServiceMonitor.port📜
Type: string
"http"
prometheusRule.enabled📜
Type: bool
false
prometheusRule.annotations📜
Type: object
{}
Default value (formatted)
{}
prometheusRule.labels📜
Type: object
{}
Default value (formatted)
{}
prometheusRule.rules📜
Type: list
[]
Default value (formatted)
[]
autoscaling.enabled📜
Type: bool
false
autoscaling.labels📜
Type: object
{}
Default value (formatted)
{}
autoscaling.minReplicas📜
Type: int
3
autoscaling.maxReplicas📜
Type: int
10
autoscaling.metrics[0].type📜
Type: string
"Resource"
autoscaling.metrics[0].resource.name📜
Type: string
"cpu"
autoscaling.metrics[0].resource.target.type📜
Type: string
"Utilization"
autoscaling.metrics[0].resource.target.averageUtilization📜
Type: int
80
autoscaling.behavior.scaleDown.stabilizationWindowSeconds📜
Type: int
300
autoscaling.behavior.scaleDown.policies[0].type📜
Type: string
"Pods"
autoscaling.behavior.scaleDown.policies[0].value📜
Type: int
1
autoscaling.behavior.scaleDown.policies[0].periodSeconds📜
Type: int
300
test.enabled📜
Type: bool
false
test.image.repository📜
Type: string
"docker.io/unguiculus/docker-python3-phantomjs-selenium"
test.image.tag📜
Type: string
"v1"
test.image.pullPolicy📜
Type: string
"IfNotPresent"
test.podSecurityContext.fsGroup📜
Type: int
1000
test.securityContext.runAsUser📜
Type: int
1000
test.securityContext.runAsGroup📜
Type: int
1000
test.securityContext.runAsNonRoot📜
Type: bool
true
domain📜
Type: string
"bigbang.dev"
istio.enabled📜
Type: bool
false
istio.injection📜
Type: string
"disabled"
istio.mtls.mode📜
Type: string
"STRICT"
Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic
istio.keycloak.enabled📜
Type: bool
false
istio.keycloak.annotations📜
Type: object
{}
Default value (formatted)
{}
istio.keycloak.labels📜
Type: object
{}
Default value (formatted)
{}
istio.keycloak.gateways[0]📜
Type: string
"istio-system/main"
istio.keycloak.hosts[0]📜
Type: string
"keycloak.{{ .Values.domain }}"
monitoring.enabled📜
Type: bool
false
networkPolicies.enabled📜
Type: bool
false
networkPolicies.ingressLabels.app📜
Type: string
"istio-ingressgateway"
networkPolicies.ingressLabels.istio📜
Type: string
"ingressgateway"
networkPolicies.smtpPort📜
Type: int
587
networkPolicies.ldap.enabled📜
Type: bool
false
networkPolicies.ldap.cidr📜
Type: string
"X.X.X.X/X"
networkPolicies.ldap.port📜
Type: int
636
openshift📜
Type: bool
false
bbtests.enabled📜
Type: bool
false
bbtests.image📜
Type: string
"registry1.dso.mil/ironbank/big-bang/base:2.0.0"
bbtests.cypress.artifacts📜
Type: bool
true
bbtests.cypress.envs.cypress_url📜
Type: string
"http://keycloak-http.keycloak.svc.cluster.local"
bbtests.cypress.envs.cypress_username📜
Type: string
"admin"
bbtests.cypress.envs.cypress_password📜
Type: string
"password"
bbtests.cypress.envs.cypress_tnr_username📜
Type: string
"cypress"
bbtests.cypress.envs.cypress_tnr_password📜
Type: string
"tnr_w!G33ZyAt@C8"
bbtests.cypress.envs.tnr_username📜
Type: string
"cypress"
bbtests.cypress.envs.tnr_password📜
Type: string
"tnr_w!G33ZyAt@C8"
bbtests.cypress.envs.tnr_firstName📜
Type: string
"Cypress"
bbtests.cypress.envs.tnr_lastName📜
Type: string
"TNR"
bbtests.cypress.envs.tnr_email📜
Type: string
"cypress@tnr.mil"