Skip to content

keycloak values.yaml📜

fullnameOverride📜

Type: string

Default value
""

nameOverride📜

Type: string

Default value
""

replicas📜

Type: int

Default value
1

image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/keycloak/keycloak"

image.tag📜

Type: string

Default value
"25.0.6"

image.digest📜

Type: string

Default value
""

image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

hostAliases📜

Type: list

Default value
[]

Type: bool

Default value
true

podManagementPolicy📜

Type: string

Default value
"Parallel"

updateStrategy📜

Type: string

Default value
"RollingUpdate"

restartPolicy📜

Type: string

Default value
"Always"

serviceAccount.create📜

Type: bool

Default value
true

serviceAccount.allowReadPods📜

Type: bool

Default value
false

serviceAccount.name📜

Type: string

Default value
""

serviceAccount.annotations📜

Type: object

Default value
{}

serviceAccount.labels📜

Type: object

Default value
{}

serviceAccount.imagePullSecrets📜

Type: list

Default value
[]

serviceAccount.automountServiceAccountToken📜

Type: bool

Default value
true

rbac.create📜

Type: bool

Default value
false

rbac.rules📜

Type: list

Default value
[]

podSecurityContext.fsGroup📜

Type: int

Default value
2000

podSecurityContext.runAsUser📜

Type: int

Default value
2000

podSecurityContext.runAsGroup📜

Type: int

Default value
2000

podSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

securityContext.runAsUser📜

Type: int

Default value
2000

securityContext.runAsGroup📜

Type: int

Default value
2000

securityContext.runAsNonRoot📜

Type: bool

Default value
true

securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

extraInitContainers📜

Type: string

Default value
""

skipInitContainers📜

Type: bool

Default value
false

extraContainers📜

Type: string

Default value
""

lifecycleHooks📜

Type: string

Default value
""

terminationGracePeriodSeconds📜

Type: int

Default value
60

clusterDomain📜

Type: string

Default value
"cluster.local"

command📜

Type: list

Default value
[]

args[0]📜

Type: string

Default value
"start"

extraEnv📜

Type: string

Default value
""

extraEnvFrom📜

Type: string

Default value
"- secretRef:\n    name: '{{ include \"keycloak.fullname\" . }}-env'\n"

priorityClassName📜

Type: string

Default value
""

affinity📜

Type: string

Default value
"podAntiAffinity:\n  requiredDuringSchedulingIgnoredDuringExecution:\n    - labelSelector:\n        matchLabels:\n          {{- include \"keycloak.selectorLabels\" . \| nindent 10 }}\n        matchExpressions:\n          - key: app.kubernetes.io/component\n            operator: NotIn\n            values:\n              - test\n      topologyKey: kubernetes.io/hostname\n  preferredDuringSchedulingIgnoredDuringExecution:\n    - weight: 100\n      podAffinityTerm:\n        labelSelector:\n          matchLabels:\n            {{- include \"keycloak.selectorLabels\" . \| nindent 12 }}\n          matchExpressions:\n            - key: app.kubernetes.io/component\n              operator: NotIn\n              values:\n                - test\n        topologyKey: topology.kubernetes.io/zone\n"

topologySpreadConstraints📜

Type: string

Default value
nil

nodeSelector📜

Type: object

Default value
{}

tolerations📜

Type: list

Default value
[]

podLabels📜

Type: object

Default value
{}

podAnnotations📜

Type: object

Default value
{}

livenessProbe📜

Type: string

Default value
"httpGet:\n  path: /auth/realms/master\n  port: http\n  scheme: HTTP\nfailureThreshold: 15\ntimeoutSeconds: 2\nperiodSeconds: 15\ninitialDelaySeconds: 0\n"

readinessProbe📜

Type: string

Default value
"httpGet:\n  path: /auth/realms/master\n  port: http\n  scheme: HTTP\nfailureThreshold: 15\ntimeoutSeconds: 2\ninitialDelaySeconds: 10\n"

startupProbe📜

Type: string

Default value
"httpGet:\n  path: /auth/realms/master\n  port: http\ninitialDelaySeconds: 90\ntimeoutSeconds: 2\nfailureThreshold: 60\nperiodSeconds: 5\n"

resources.requests.cpu📜

Type: string

Default value
"1"

resources.requests.memory📜

Type: string

Default value
"1Gi"

resources.limits.cpu📜

Type: string

Default value
"1"

resources.limits.memory📜

Type: string

Default value
"1Gi"

extraVolumes📜

Type: string

Default value
""

extraVolumesBigBang📜

Type: object

Default value
{}

extraVolumeMounts📜

Type: string

Default value
""

extraVolumeMountsBigBang📜

Type: object

Default value
{}

extraPorts📜

Type: list

Default value
[]

podDisruptionBudget📜

Type: object

Default value
{}

statefulsetAnnotations📜

Type: object

Default value
{}

statefulsetLabels📜

Type: object

Default value
{}

secrets.env.stringData.JAVA_TOOL_OPTIONS📜

Type: string

Default value
"-Dcom.redhat.fips=false"

secrets.env.stringData.KEYCLOAK_ADMIN📜

Type: string

Default value
"admin"

secrets.env.stringData.KEYCLOAK_ADMIN_PASSWORD📜

Type: string

Default value
"password"

secrets.env.stringData.JAVA_OPTS_APPEND📜

Type: string

Default value
"-Djgroups.dns.query={{ include \"keycloak.fullname\" . }}-headless"

service.annotations📜

Type: object

Default value
{}

service.labels📜

Type: object

Default value
{}

service.type📜

Type: string

Default value
"ClusterIP"

service.loadBalancerIP📜

Type: string

Default value
""

service.httpPort📜

Type: int

Default value
80

service.httpNodePort📜

Type: string

Default value
nil

service.httpsPort📜

Type: int

Default value
8443

service.httpsNodePort📜

Type: string

Default value
nil

service.extraPorts📜

Type: list

Default value
[]

service.loadBalancerSourceRanges📜

Type: list

Default value
[]

service.externalTrafficPolicy📜

Type: string

Default value
"Cluster"

service.sessionAffinity📜

Type: string

Default value
""

service.sessionAffinityConfig📜

Type: object

Default value
{}

serviceHeadless.annotations📜

Type: object

Default value
{}

ingress.enabled📜

Type: bool

Default value
false

ingress.ingressClassName📜

Type: string

Default value
""

ingress.servicePort📜

Type: string

Default value
"http"

ingress.annotations📜

Type: object

Default value
{}

ingress.labels📜

Type: object

Default value
{}

ingress.rules[0].host📜

Type: string

Default value
"{{ .Release.Name }}.keycloak.example.com"

ingress.rules[0].paths[0].path📜

Type: string

Default value
"{{ tpl .Values.http.relativePath $ \| trimSuffix \"/\" }}/"

ingress.rules[0].paths[0].pathType📜

Type: string

Default value
"Prefix"

ingress.console.enabled📜

Type: bool

Default value
false

ingress.console.ingressClassName📜

Type: string

Default value
""

ingress.console.annotations📜

Type: object

Default value
{}

ingress.console.rules[0].host📜

Type: string

Default value
"{{ .Release.Name }}.keycloak.example.com"

ingress.console.rules[0].paths[0].path📜

Type: string

Default value
"{{ tpl .Values.http.relativePath $ \| trimSuffix \"/\" }}/admin"

ingress.console.rules[0].paths[0].pathType📜

Type: string

Default value
"Prefix"

ingress.console.tls📜

Type: list

Default value
[]

networkPolicy.enabled📜

Type: bool

Default value
false

networkPolicy.labels📜

Type: object

Default value
{}

networkPolicy.extraFrom📜

Type: list

Default value
[]

networkPolicy.egress📜

Type: list

Default value
[]

route.enabled📜

Type: bool

Default value
false

route.path📜

Type: string

Default value
"/"

route.annotations📜

Type: object

Default value
{}

route.labels📜

Type: object

Default value
{}

route.host📜

Type: string

Default value
""

route.tls.enabled📜

Type: bool

Default value
true

route.tls.insecureEdgeTerminationPolicy📜

Type: string

Default value
"Redirect"

route.tls.termination📜

Type: string

Default value
"edge"

dbchecker.enabled📜

Type: bool

Default value
true

dbchecker.image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/postgres/postgresql12"

dbchecker.image.tag📜

Type: string

Default value
"12.20"

dbchecker.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

dbchecker.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

dbchecker.securityContext.runAsUser📜

Type: int

Default value
1000

dbchecker.securityContext.runAsGroup📜

Type: int

Default value
1000

dbchecker.securityContext.runAsNonRoot📜

Type: bool

Default value
true

dbchecker.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

dbchecker.resources.requests.cpu📜

Type: string

Default value
"250m"

dbchecker.resources.requests.memory📜

Type: string

Default value
"256Mi"

dbchecker.resources.limits.cpu📜

Type: string

Default value
"250m"

dbchecker.resources.limits.memory📜

Type: string

Default value
"256Mi"

postgresql.enabled📜

Type: bool

Default value
true

postgresql.postgresqlUsername📜

Type: string

Default value
"keycloak"

postgresql.postgresqlPassword📜

Type: string

Default value
"keycloak"

postgresql.postgresqlDatabase📜

Type: string

Default value
"keycloak"

postgresql.networkPolicy.enabled📜

Type: bool

Default value
false

postgresql.global.imagePullSecrets[0]📜

Type: string

Default value
"private-registry"

postgresql.image.registry📜

Type: string

Default value
"registry1.dso.mil"

postgresql.image.repository📜

Type: string

Default value
"ironbank/opensource/postgres/postgresql12"

postgresql.image.tag📜

Type: string

Default value
"12.20"

postgresql.securityContext.enabled📜

Type: bool

Default value
true

postgresql.securityContext.fsGroup📜

Type: int

Default value
26

postgresql.securityContext.runAsUser📜

Type: int

Default value
1000

postgresql.securityContext.runAsGroup📜

Type: int

Default value
1000

postgresql.containerSecurityContext.enabled📜

Type: bool

Default value
true

postgresql.containerSecurityContext.runAsUser📜

Type: int

Default value
26

postgresql.containerSecurityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

postgresql.resources.requests.cpu📜

Type: string

Default value
"250m"

postgresql.resources.requests.memory📜

Type: string

Default value
"256Mi"

postgresql.resources.limits.cpu📜

Type: string

Default value
"250m"

postgresql.resources.limits.memory📜

Type: string

Default value
"256Mi"

database.existingSecret📜

Type: string

Default value
""

database.existingSecretKey📜

Type: string

Default value
""

database.vendor📜

Type: string

Default value
nil

database.hostname📜

Type: string

Default value
nil

database.port📜

Type: string

Default value
nil

database.database📜

Type: string

Default value
nil

database.username📜

Type: string

Default value
nil

database.password📜

Type: string

Default value
nil

cache.stack📜

Type: string

Default value
"default"

proxy.enabled📜

Type: bool

Default value
true

proxy.mode📜

Type: string

Default value
"forwarded"

proxy.http.enabled📜

Type: bool

Default value
true

metrics.enabled📜

Type: bool

Default value
true

health.enabled📜

Type: bool

Default value
true

http.relativePath📜

Type: string

Default value
"/auth"

http.internalPort📜

Type: string

Default value
"http-internal"

http.internalScheme📜

Type: string

Default value
"HTTP"

serviceMonitor.enabled📜

Type: bool

Default value
false

serviceMonitor.namespace📜

Type: string

Default value
""

serviceMonitor.namespaceSelector📜

Type: object

Default value
{}

serviceMonitor.annotations📜

Type: object

Default value
{}

serviceMonitor.labels📜

Type: object

Default value
{}

serviceMonitor.interval📜

Type: string

Default value
"10s"

serviceMonitor.scrapeTimeout📜

Type: string

Default value
"10s"

serviceMonitor.path📜

Type: string

Default value
"{{ tpl .Values.http.relativePath $ \| trimSuffix \"/\" }}/metrics"

serviceMonitor.port📜

Type: string

Default value
"{{ .Values.http.internalPort }}"

serviceMonitor.scheme📜

Type: string

Default value
""

serviceMonitor.tlsConfig📜

Type: object

Default value
{}

extraServiceMonitor.enabled📜

Type: bool

Default value
false

extraServiceMonitor.namespace📜

Type: string

Default value
""

extraServiceMonitor.namespaceSelector📜

Type: object

Default value
{}

extraServiceMonitor.annotations📜

Type: object

Default value
{}

extraServiceMonitor.labels📜

Type: object

Default value
{}

extraServiceMonitor.interval📜

Type: string

Default value
"10s"

extraServiceMonitor.scrapeTimeout📜

Type: string

Default value
"10s"

extraServiceMonitor.path📜

Type: string

Default value
"{{ tpl .Values.http.relativePath $ \| trimSuffix \"/\" }}/metrics"

extraServiceMonitor.port📜

Type: string

Default value
"{{ .Values.http.internalPort }}"

extraServiceMonitor.scheme📜

Type: string

Default value
""

extraServiceMonitor.tlsConfig📜

Type: object

Default value
{}

prometheusRule.enabled📜

Type: bool

Default value
false

prometheusRule.namespace📜

Type: string

Default value
""

prometheusRule.annotations📜

Type: object

Default value
{}

prometheusRule.labels📜

Type: object

Default value
{}

prometheusRule.rules📜

Type: list

Default value
[]

autoscaling.enabled📜

Type: bool

Default value
false

autoscaling.labels📜

Type: object

Default value
{}

autoscaling.minReplicas📜

Type: int

Default value
3

autoscaling.maxReplicas📜

Type: int

Default value
10

autoscaling.metrics[0].type📜

Type: string

Default value
"Resource"

autoscaling.metrics[0].resource.name📜

Type: string

Default value
"cpu"

autoscaling.metrics[0].resource.target.type📜

Type: string

Default value
"Utilization"

autoscaling.metrics[0].resource.target.averageUtilization📜

Type: int

Default value
80

autoscaling.behavior.scaleDown.stabilizationWindowSeconds📜

Type: int

Default value
300

autoscaling.behavior.scaleDown.policies[0].type📜

Type: string

Default value
"Pods"

autoscaling.behavior.scaleDown.policies[0].value📜

Type: int

Default value
1

autoscaling.behavior.scaleDown.policies[0].periodSeconds📜

Type: int

Default value
300

test.enabled📜

Type: bool

Default value
false

test.image.repository📜

Type: string

Default value
"docker.io/seleniarm/standalone-chromium"

test.image.tag📜

Type: string

Default value
"117.0"

test.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

test.podSecurityContext.fsGroup📜

Type: int

Default value
1000

test.securityContext.runAsUser📜

Type: int

Default value
1000

test.securityContext.runAsNonRoot📜

Type: bool

Default value
true

test.deletionPolicy📜

Type: string

Default value
"before-hook-creation"

domain📜

Type: string

Default value
"dev.bigbang.mil"

istio.enabled📜

Type: bool

Default value
false

istio.hardened.enabled📜

Type: bool

Default value
false

istio.hardened.customAuthorizationPolicies📜

Type: list

Default value
[]

istio.hardened.outboundTrafficPolicyMode📜

Type: string

Default value
"REGISTRY_ONLY"

istio.hardened.customServiceEntries📜

Type: list

Default value
[]

istio.injection📜

Type: string

Default value
"disabled"

istio.mtls.mode📜

Type: string

Default value
"STRICT"

Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic

istio.keycloak.enabled📜

Type: bool

Default value
false

istio.keycloak.annotations📜

Type: object

Default value
{}

istio.keycloak.labels📜

Type: object

Default value
{}

istio.keycloak.gateways[0]📜

Type: string

Default value
"istio-system/main"

istio.keycloak.hosts[0]📜

Type: string

Default value
"keycloak.{{ .Values.domain }}"

monitoring.enabled📜

Type: bool

Default value
false

networkPolicies.enabled📜

Type: bool

Default value
false

networkPolicies.ingressLabels.app📜

Type: string

Default value
"istio-ingressgateway"

networkPolicies.ingressLabels.istio📜

Type: string

Default value
"ingressgateway"

networkPolicies.smtpPort📜

Type: int

Default value
587

networkPolicies.ldap.enabled📜

Type: bool

Default value
false

networkPolicies.ldap.cidr📜

Type: string

Default value
"X.X.X.X/X"

networkPolicies.ldap.port📜

Type: int

Default value
636

networkPolicies.additionalPolicies📜

Type: list

Default value
[]

openshift📜

Type: bool

Default value
false

bbtests.enabled📜

Type: bool

Default value
false

bbtests.image📜

Type: string

Default value
"registry1.dso.mil/ironbank/big-bang/base:2.1.0"

bbtests.cypress.artifacts📜

Type: bool

Default value
true

bbtests.cypress.envs.cypress_url📜

Type: string

Default value
"http://keycloak-http.keycloak.svc.cluster.local"

bbtests.cypress.envs.cypress_username📜

Type: string

Default value
"admin"

bbtests.cypress.envs.cypress_password📜

Type: string

Default value
"password"

bbtests.cypress.envs.cypress_tnr_username📜

Type: string

Default value
"cypress"

bbtests.cypress.envs.cypress_tnr_password📜

Type: string

Default value
"tnr_w!G33ZyAt@C8"

bbtests.cypress.envs.tnr_username📜

Type: string

Default value
"cypress"

bbtests.cypress.envs.tnr_password📜

Type: string

Default value
"tnr_w!G33ZyAt@C8"

bbtests.cypress.envs.tnr_firstName📜

Type: string

Default value
"Cypress"

bbtests.cypress.envs.tnr_lastName📜

Type: string

Default value
"TNR"

bbtests.cypress.envs.tnr_email📜

Type: string

Default value
"cypress@tnr.mil"