keycloak values.yaml📜
domain📜
Type: string
"dev.bigbang.mil"
Description: The base domain for all Big Bang components. Keycloak will be available at keycloak.%domain%
istio.enabled📜
Type: bool
false
istio.sidecar.enabled📜
Type: bool
false
istio.sidecar.outboundTrafficPolicyMode📜
Type: string
"REGISTRY_ONLY"
istio.serviceEntries.custom📜
Type: list
[]
istio.authorizationPolicies.enabled📜
Type: bool
false
istio.authorizationPolicies.custom📜
Type: list
[]
istio.mtls.mode📜
Type: string
"STRICT"
routes.inbound.keycloak.enabled📜
Type: bool
true
routes.inbound.keycloak.gateways[0]📜
Type: string
"istio-gateway/passthrough-ingressgateway"
routes.inbound.keycloak.hosts[0]📜
Type: string
"keycloak.{{ .Values.domain }}"
routes.inbound.keycloak.service📜
Type: string
"keycloak-keycloak-http.keycloak.svc.cluster.local"
routes.inbound.keycloak.port📜
Type: int
8443
routes.inbound.keycloak.passthrough.enabled📜
Type: bool
true
networkPolicies.enabled📜
Type: bool
false
Description: Enable or disable the bundled network policies
networkPolicies.ingress📜
Type: object
to:
keycloak:9000:
from:
k8s:
monitoring-monitoring-kube-prometheus@monitoring/prometheus: false
Description: Configures additional network policies beyond the ones bundled with the chart, using the bb-common shorthand
networkPolicies.egress.definitions.smtp-subnets.to[0].ipBlock.cidr📜
Type: string
"192.168.0.0/16"
networkPolicies.egress.definitions.smtp-subnets.to[1].ipBlock.cidr📜
Type: string
"172.16.0.0/12"
networkPolicies.egress.definitions.smtp-subnets.to[2].ipBlock.cidr📜
Type: string
"10.0.0.0/8"
networkPolicies.egress.definitions.smtp-subnets.ports[0].port📜
Type: int
587
networkPolicies.egress.definitions.smtp-subnets.ports[0].protocol📜
Type: string
"TCP"
networkPolicies.egress.definitions.ldap-subnets.to[0].ipBlock.cidr📜
Type: string
"192.168.0.0/16"
networkPolicies.egress.definitions.ldap-subnets.to[1].ipBlock.cidr📜
Type: string
"172.16.0.0/12"
networkPolicies.egress.definitions.ldap-subnets.to[2].ipBlock.cidr📜
Type: string
"10.0.0.0/8"
networkPolicies.egress.definitions.ldap-subnets.ports[0].port📜
Type: int
636
networkPolicies.egress.definitions.ldap-subnets.ports[0].protocol📜
Type: string
"TCP"
networkPolicies.egress.from.keycloak.to.k8s.tempo/tempo:9411📜
Type: bool
false
networkPolicies.egress.from.keycloak.to.definition.ldap-subnets📜
Type: bool
false
networkPolicies.egress.from.keycloak.to.definition.smtp-subnets📜
Type: bool
false
networkPolicies.additionalPolicies📜
Type: list
[]
bbtests.enabled📜
Type: bool
false
Description: Enables the Big Bang test hooks
bbtests.image📜
Type: string
"registry1.dso.mil/ironbank/big-bang/base:2.1.0"
bbtests.cypress.artifacts📜
Type: bool
true
bbtests.cypress.envs.cypress_viewport_width📜
Type: string
"1920"
bbtests.cypress.envs.cypress_viewport_height📜
Type: string
"1080"
bbtests.cypress.envs.cypress_url📜
Type: string
"http://keycloak-keycloak-http.keycloak.svc.cluster.local"
bbtests.cypress.envs.cypress_username📜
Type: string
"admin"
bbtests.cypress.envs.cypress_password📜
Type: string
"password"
bbtests.cypress.envs.cypress_tnr_username📜
Type: string
"cypress"
bbtests.cypress.envs.cypress_tnr_password📜
Type: string
"tnr_w!G33ZyAt@C8"
bbtests.cypress.envs.tnr_username📜
Type: string
"cypress"
bbtests.cypress.envs.tnr_password📜
Type: string
"tnr_w!G33ZyAt@C8"
bbtests.cypress.envs.tnr_firstName📜
Type: string
"Cypress"
bbtests.cypress.envs.tnr_lastName📜
Type: string
"TNR"
bbtests.cypress.envs.tnr_email📜
Type: string
"cypress@tnr.mil"
bbtests.scripts.envs.HEADLESS_SERVICE📜
Type: string
"keycloak-keycloak-headless.keycloak.svc.cluster.local"
bbtests.scripts.envs.PORT📜
Type: string
"7800"
bbtests.scripts.envs.TIMEOUT📜
Type: string
"10"
upstream.fullnameOverride📜
Type: string
"keycloak-keycloak"
upstream.nameOverride📜
Type: string
"keycloak"
upstream.podAnnotations."proxy.istio.io/config"📜
Type: string
"proxyMetadata:\n ISTIO_META_DNS_CAPTURE: \"true\"\n"
upstream.replicas📜
Type: int
1
upstream.image.repository📜
Type: string
"registry1.dso.mil/ironbank/opensource/keycloak/keycloak"
Description: The Keycloak image repository
upstream.image.tag📜
Type: string
"26.5.4"
upstream.podSecurityContext📜
Type: object
fsGroup: 2000
runAsGroup: 2000
runAsNonRoot: true
runAsUser: 2000
Description: SecurityContext for the entire Pod. Every container running in the Pod will inherit this SecurityContext. This might be relevant when other components of the environment inject additional containers into running Pods (service meshes are the most prominent example for this)
upstream.securityContext📜
Type: object
capabilities:
drop:
- ALL
runAsGroup: 2000
runAsNonRoot: true
runAsUser: 2000
Description: SecurityContext for the Keycloak container
upstream.args📜
Type: list
- start
Description: Overrides the default args for the Keycloak container. The arg "start" needs to be set for the container to start up properly.
upstream.extraEnvFrom📜
Type: string
"- secretRef:\n name: '{{ include \"keycloak.fullname\" . }}-env'\n"
Description: Additional environment variables for Keycloak mapped from Secret or ConfigMap
upstream.resources📜
Type: object
limits:
memory: 1Gi
requests:
cpu: '1'
memory: 1Gi
Description: Pod resource requests and limits
upstream.secrets📜
Type: object
env:
stringData:
JAVA_OPTS_APPEND: -Djgroups.dns.query={{ include "keycloak.fullname" . }}-headless
JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
KC_HOSTNAME: keycloak.dev.bigbang.mil
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: password
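Description: Configuration for secrets that should be created. The secrets can also be created independently of this Helm chart, for example with a GitOps tool like Flux with a Kustomize overlay. NOTE: Secret values can be templated. The defaults shown here include the admin username and password (KEYCLOAK_ADMIN, KEYCLOAK_ADMIN_PASSWORD); override them for production deployments.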
upstream.secrets.env📜
Type: object
stringData:
JAVA_OPTS_APPEND: -Djgroups.dns.query={{ include "keycloak.fullname" . }}-headless
JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
KC_HOSTNAME: keycloak.dev.bigbang.mil
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: password
Description: Environment variables
upstream.secrets.env.stringData.JAVA_TOOL_OPTIONS📜
Type: string
"-Dcom.redhat.fips=false"
upstream.secrets.env.stringData.KEYCLOAK_ADMIN📜
Type: string
"admin"
Description: Default admin credentials. Override them for production deployments; the matching default password is set by KEYCLOAK_ADMIN_PASSWORD in the same stringData block.
upstream.secrets.env.stringData.JAVA_OPTS_APPEND📜
Type: string
"-Djgroups.dns.query={{ include \"keycloak.fullname\" . }}-headless"
Description: Sets the JGroups DNS query to the chart's headless service name. See https://www.keycloak.org/server/caching
upstream.dbchecker.enabled📜
Type: bool
false
Description: If true, the dbchecker init container is enabled; this is incompatible with Big Bang and so is disabled by default.
upstream.database📜
Type: object
database: keycloak
hostname: keycloak-keycloak-postgresql
password: keycloak
port: 5432
username: keycloak
vendor: postgres
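Description: Configures the database connection; can be configured here and/or via environment variables with upstream.secrets.env. The default username, password and database are the same values as postgresql.global.postgresql.auth.*, so override both sets together and do not keep the default password for production deployments.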
upstream.database.hostname📜
Type: string
"keycloak-keycloak-postgresql"
Description: You will need to change the hostname to match %fullnameOverride%-postgresql
postgresql.enabled📜
Type: bool
true
Description: If true, the Postgresql dependency is enabled
postgresql.image.registry📜
Type: string
"registry1.dso.mil"
postgresql.image.repository📜
Type: string
"ironbank/bitnami/postgres"
postgresql.image.tag📜
Type: string
"17.4.0"
postgresql.global.security.allowInsecureImages📜
Type: bool
true
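Description: Allow registry1.dso.mil in lieu of the default bitnami registry. Setting this to true turns off the Bitnami chart's check for non-default images, so the image source is whatever postgresql.image.registry and postgresql.image.repository point to.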
postgresql.global.postgresql.auth.username📜
Type: string
"keycloak"
Description: PostgreSQL User to create
postgresql.global.postgresql.auth.password📜
Type: string
"keycloak"
Description: PostgreSQL Password for the new user
postgresql.global.postgresql.auth.database📜
Type: string
"keycloak"
Description: PostgreSQL Database to create
postgresql.primary.networkPolicy.enabled📜
Type: bool
false