keycloak values.yaml
💣
fullnameOverride💣
Type: string
""
nameOverride💣
Type: string
""
replicas💣
Type: int
1
image.repository💣
Type: string
"registry.dso.mil/platform-one/big-bang/apps/security-tools/keycloak/keycloak-ib"
image.tag💣
Type: string
"18.0.2-1.2.0-1"
image.pullPolicy💣
Type: string
"IfNotPresent"
imagePullSecrets[0].name💣
Type: string
"private-registry"
hostAliases💣
Type: list
[]
Default value (formatted)
[]
enableServiceLinks💣
Type: bool
true
podManagementPolicy💣
Type: string
"Parallel"
restartPolicy💣
Type: string
"Always"
serviceAccount.create💣
Type: bool
true
serviceAccount.name💣
Type: string
""
serviceAccount.annotations💣
Type: object
{}
Default value (formatted)
{}
serviceAccount.labels💣
Type: object
{}
Default value (formatted)
{}
serviceAccount.imagePullSecrets💣
Type: list
[]
Default value (formatted)
[]
rbac.create💣
Type: bool
false
rbac.rules💣
Type: list
[]
Default value (formatted)
[]
podSecurityContext.fsGroup💣
Type: int
1000
securityContext.runAsUser💣
Type: int
1000
securityContext.runAsNonRoot💣
Type: bool
true
extraInitContainers💣
Type: string
""
skipInitContainers💣
Type: bool
false
extraContainers💣
Type: string
""
lifecycleHooks💣
Type: string
""
terminationGracePeriodSeconds💣
Type: int
60
clusterDomain💣
Type: string
"cluster.local"
command💣
Type: list
[]
Default value (formatted)
[]
args[0]💣
Type: string
"-b 0.0.0.0"
args[1]💣
Type: string
"-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled"
args[2]💣
Type: string
"-Dkeycloak.profile.feature.declarative_user_profile=enabled"
extraEnv💣
Type: string
""
extraEnvFrom💣
Type: string
"- secretRef:\n name: '{{ include \"keycloak.fullname\" . }}-env'\n"
Default value (formatted)
- secretRef:
name: '{{ include \"keycloak.fullname\" . }}-env'
priorityClassName💣
Type: string
""
affinity💣
Type: string
"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n {{- include \"keycloak.selectorLabels\" . \| nindent 10 }}\n matchExpressions:\n - key: app.kubernetes.io/component\n operator: NotIn\n values:\n - test\n topologyKey: kubernetes.io/hostname\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 100\n podAffinityTerm:\n labelSelector:\n matchLabels:\n {{- include \"keycloak.selectorLabels\" . \| nindent 12 }}\n matchExpressions:\n - key: app.kubernetes.io/component\n operator: NotIn\n values:\n - test\n topologyKey: failure-domain.beta.kubernetes.io/zone\n"
Default value (formatted)
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
{{- include \"keycloak.selectorLabels\" . \| nindent 10 }}
matchExpressions:
- key: app.kubernetes.io/component
operator: NotIn
values:
- test
topologyKey: kubernetes.io/hostname
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
{{- include \"keycloak.selectorLabels\" . \| nindent 12 }}
matchExpressions:
- key: app.kubernetes.io/component
operator: NotIn
values:
- test
topologyKey: failure-domain.beta.kubernetes.io/zone
topologySpreadConstraints💣
Type: string
nil
nodeSelector💣
Type: object
{}
Default value (formatted)
{}
tolerations💣
Type: list
[]
Default value (formatted)
[]
podLabels💣
Type: object
{}
Default value (formatted)
{}
podAnnotations💣
Type: object
{}
Default value (formatted)
{}
livenessProbe💣
Type: string
"httpGet:\n path: /auth/realms/master\n port: http\n scheme: HTTP\nfailureThreshold: 15\ntimeoutSeconds: 2\nperiodSeconds: 15\n"
Default value (formatted)
httpGet:
path: /auth/realms/master
port: http
scheme: HTTP
failureThreshold: 15
timeoutSeconds: 2
periodSeconds: 15
readinessProbe💣
Type: string
"httpGet:\n path: /auth/realms/master\n port: http\n scheme: HTTP\nfailureThreshold: 15\ntimeoutSeconds: 2\n"
Default value (formatted)
httpGet:
path: /auth/realms/master
port: http
scheme: HTTP
failureThreshold: 15
timeoutSeconds: 2
startupProbe💣
Type: string
"httpGet:\n path: /auth/realms/master\n port: http\ninitialDelaySeconds: 90\ntimeoutSeconds: 2\nfailureThreshold: 60\nperiodSeconds: 5\n"
Default value (formatted)
httpGet:
path: /auth/realms/master
port: http
initialDelaySeconds: 90
timeoutSeconds: 2
failureThreshold: 60
periodSeconds: 5
resources.requests.cpu💣
Type: string
"1"
resources.requests.memory💣
Type: string
"1Gi"
resources.limits.cpu💣
Type: string
"1"
resources.limits.memory💣
Type: string
"1Gi"
extraVolumes💣
Type: string
""
extraVolumesBigBang💣
Type: object
{}
Default value (formatted)
{}
extraVolumeMounts💣
Type: string
""
extraVolumeMountsBigBang💣
Type: object
{}
Default value (formatted)
{}
extraPorts[0].name💣
Type: string
"jgroup"
extraPorts[0].containerPort💣
Type: int
7600
extraPorts[0].protocol💣
Type: string
"TCP"
podDisruptionBudget💣
Type: object
{}
Default value (formatted)
{}
statefulsetAnnotations💣
Type: object
{}
Default value (formatted)
{}
statefulsetLabels💣
Type: object
{}
Default value (formatted)
{}
secrets.env.stringData.JAVA_TOOL_OPTIONS💣
Type: string
"-XX:+UseContainerSupport -XX:MaxRAMPercentage=50.0 -Dcom.redhat.fips=false"
secrets.env.stringData.KEYCLOAK_USER💣
Type: string
"{{ .Values.secrets.credentials.stringData.adminuser }}"
secrets.env.stringData.KEYCLOAK_PASSWORD💣
Type: string
"{{ .Values.secrets.credentials.stringData.password }}"
secrets.env.stringData.PROXY_ADDRESS_FORWARDING💣
Type: string
"true"
secrets.env.stringData.JGROUPS_DISCOVERY_PROTOCOL💣
Type: string
"dns.DNS_PING"
secrets.env.stringData.JGROUPS_DISCOVERY_PROPERTIES💣
Type: string
'dns_query={{ include "keycloak.serviceDnsName" . }}'
secrets.env.stringData.KEYCLOAK_SERVICE_DNS_NAME💣
Type: string
'{{ include "keycloak.serviceDnsName" . }}'
secrets.env.stringData.CACHE_OWNERS_COUNT💣
Type: string
"2"
secrets.env.stringData.CACHE_OWNERS_AUTH_SESSIONS_COUNT💣
Type: string
"2"
secrets.env.stringData.KEYCLOAK_STATISTICS💣
Type: string
"{{ if .Values.serviceMonitor.enabled }}all{{ end }}"
secrets.credentials.stringData.adminuser💣
Type: string
"admin"
secrets.credentials.stringData.password💣
Type: string
"password"
service.annotations💣
Type: object
{}
Default value (formatted)
{}
service.labels💣
Type: object
{}
Default value (formatted)
{}
service.type💣
Type: string
"ClusterIP"
service.loadBalancerIP💣
Type: string
""
service.httpPort💣
Type: int
80
service.httpNodePort💣
Type: string
nil
service.httpsPort💣
Type: int
8443
service.httpsNodePort💣
Type: string
nil
service.httpManagementPort💣
Type: int
9990
service.httpManagementNodePort💣
Type: string
nil
service.extraPorts[0].name💣
Type: string
"jgroup"
service.extraPorts[0].port💣
Type: int
7600
service.extraPorts[0].targetPort💣
Type: string
"jgroup"
service.extraPorts[0].protocol💣
Type: string
"TCP"
service.loadBalancerSourceRanges💣
Type: list
[]
Default value (formatted)
[]
service.externalTrafficPolicy💣
Type: string
"Cluster"
service.sessionAffinity💣
Type: string
""
service.sessionAffinityConfig💣
Type: object
{}
Default value (formatted)
{}
ingress.enabled💣
Type: bool
false
ingress.ingressClassName💣
Type: string
""
ingress.servicePort💣
Type: string
"http"
ingress.annotations💣
Type: object
{}
Default value (formatted)
{}
ingress.labels💣
Type: object
{}
Default value (formatted)
{}
ingress.rules[0].host💣
Type: string
"{{ .Release.Name }}.keycloak.example.com"
ingress.rules[0].paths[0].path💣
Type: string
"/"
ingress.rules[0].paths[0].pathType💣
Type: string
"Prefix"
ingress.tls[0].hosts[0]💣
Type: string
"keycloak.example.com"
ingress.tls[0].secretName💣
Type: string
""
ingress.console.enabled💣
Type: bool
false
ingress.console.ingressClassName💣
Type: string
""
ingress.console.annotations💣
Type: object
{}
Default value (formatted)
{}
ingress.console.rules[0].host💣
Type: string
"{{ .Release.Name }}.keycloak.example.com"
ingress.console.rules[0].paths[0].path💣
Type: string
"/auth/admin/"
ingress.console.rules[0].paths[0].pathType💣
Type: string
"Prefix"
ingress.console.tls💣
Type: list
[]
Default value (formatted)
[]
networkPolicy.enabled💣
Type: bool
false
networkPolicy.labels💣
Type: object
{}
Default value (formatted)
{}
networkPolicy.extraFrom💣
Type: list
[]
Default value (formatted)
[]
route.enabled💣
Type: bool
false
route.path💣
Type: string
"/"
route.annotations💣
Type: object
{}
Default value (formatted)
{}
route.labels💣
Type: object
{}
Default value (formatted)
{}
route.host💣
Type: string
""
route.tls.enabled💣
Type: bool
true
route.tls.insecureEdgeTerminationPolicy💣
Type: string
"Redirect"
route.tls.termination💣
Type: string
"edge"
pgchecker.image.repository💣
Type: string
"registry1.dso.mil/ironbank/opensource/postgres/postgresql12"
pgchecker.image.tag💣
Type: float
12.11
pgchecker.image.pullPolicy💣
Type: string
"IfNotPresent"
pgchecker.securityContext.allowPrivilegeEscalation💣
Type: bool
false
pgchecker.securityContext.runAsUser💣
Type: int
1000
pgchecker.securityContext.runAsGroup💣
Type: int
1000
pgchecker.securityContext.runAsNonRoot💣
Type: bool
true
pgchecker.resources.requests.cpu💣
Type: string
"20m"
pgchecker.resources.requests.memory💣
Type: string
"32Mi"
pgchecker.resources.limits.cpu💣
Type: string
"20m"
pgchecker.resources.limits.memory💣
Type: string
"32Mi"
postgresql.enabled💣
Type: bool
true
postgresql.postgresqlUsername💣
Type: string
"keycloak"
postgresql.postgresqlPassword💣
Type: string
"keycloak"
postgresql.postgresqlDatabase💣
Type: string
"keycloak"
postgresql.networkPolicy.enabled💣
Type: bool
false
postgresql.global.imagePullSecrets[0]💣
Type: string
"private-registry"
postgresql.image.registry💣
Type: string
"registry1.dso.mil"
postgresql.image.repository💣
Type: string
"ironbank/opensource/postgres/postgresql12"
postgresql.image.tag💣
Type: float
12.11
postgresql.securityContext.enabled💣
Type: bool
true
postgresql.securityContext.fsGroup💣
Type: int
26
postgresql.securityContext.runAsUser💣
Type: int
26
postgresql.securityContext.runAsGroup💣
Type: int
26
postgresql.containerSecurityContext.enabled💣
Type: bool
true
postgresql.containerSecurityContext.runAsUser💣
Type: int
26
postgresql.resources.requests.cpu💣
Type: string
"250m"
postgresql.resources.requests.memory💣
Type: string
"256Mi"
postgresql.resources.limits.cpu💣
Type: string
"250m"
postgresql.resources.limits.memory💣
Type: string
"256Mi"
serviceMonitor.enabled💣
Type: bool
false
serviceMonitor.namespace💣
Type: string
""
serviceMonitor.namespaceSelector💣
Type: object
{}
Default value (formatted)
{}
serviceMonitor.annotations💣
Type: object
{}
Default value (formatted)
{}
serviceMonitor.labels💣
Type: object
{}
Default value (formatted)
{}
serviceMonitor.interval💣
Type: string
"10s"
serviceMonitor.scrapeTimeout💣
Type: string
"10s"
serviceMonitor.path💣
Type: string
"/metrics"
serviceMonitor.port💣
Type: string
"http-management"
extraServiceMonitor.enabled💣
Type: bool
false
extraServiceMonitor.namespace💣
Type: string
""
extraServiceMonitor.namespaceSelector💣
Type: object
{}
Default value (formatted)
{}
extraServiceMonitor.annotations💣
Type: object
{}
Default value (formatted)
{}
extraServiceMonitor.labels💣
Type: object
{}
Default value (formatted)
{}
extraServiceMonitor.interval💣
Type: string
"10s"
extraServiceMonitor.scrapeTimeout💣
Type: string
"10s"
extraServiceMonitor.path💣
Type: string
"/auth/realms/master/metrics"
extraServiceMonitor.port💣
Type: string
"http"
prometheusRule.enabled💣
Type: bool
false
prometheusRule.annotations💣
Type: object
{}
Default value (formatted)
{}
prometheusRule.labels💣
Type: object
{}
Default value (formatted)
{}
prometheusRule.rules💣
Type: list
[]
Default value (formatted)
[]
autoscaling.enabled💣
Type: bool
false
autoscaling.labels💣
Type: object
{}
Default value (formatted)
{}
autoscaling.minReplicas💣
Type: int
3
autoscaling.maxReplicas💣
Type: int
10
autoscaling.metrics[0].type💣
Type: string
"Resource"
autoscaling.metrics[0].resource.name💣
Type: string
"cpu"
autoscaling.metrics[0].resource.target.type💣
Type: string
"Utilization"
autoscaling.metrics[0].resource.target.averageUtilization💣
Type: int
80
autoscaling.behavior.scaleDown.stabilizationWindowSeconds💣
Type: int
300
autoscaling.behavior.scaleDown.policies[0].type💣
Type: string
"Pods"
autoscaling.behavior.scaleDown.policies[0].value💣
Type: int
1
autoscaling.behavior.scaleDown.policies[0].periodSeconds💣
Type: int
300
test.enabled💣
Type: bool
false
test.image.repository💣
Type: string
"docker.io/unguiculus/docker-python3-phantomjs-selenium"
test.image.tag💣
Type: string
"v1"
test.image.pullPolicy💣
Type: string
"IfNotPresent"
test.podSecurityContext.fsGroup💣
Type: int
1000
test.securityContext.runAsUser💣
Type: int
1000
test.securityContext.runAsNonRoot💣
Type: bool
true
hostname💣
Type: string
"bigbang.dev"
istio.enabled💣
Type: bool
false
istio.injection💣
Type: string
"disabled"
istio.mtls.mode💣
Type: string
"STRICT"
Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic
istio.keycloak.enabled💣
Type: bool
false
istio.keycloak.annotations💣
Type: object
{}
Default value (formatted)
{}
istio.keycloak.labels💣
Type: object
{}
Default value (formatted)
{}
istio.keycloak.gateways[0]💣
Type: string
"istio-system/main"
istio.keycloak.hosts[0]💣
Type: string
"keycloak.{{ .Values.hostname }}"
monitoring.enabled💣
Type: bool
false
networkPolicies.enabled💣
Type: bool
false
networkPolicies.ingressLabels.app💣
Type: string
"istio-ingressgateway"
networkPolicies.ingressLabels.istio💣
Type: string
"ingressgateway"
networkPolicies.smtpPort💣
Type: int
587
openshift💣
Type: bool
false
bbtests.enabled💣
Type: bool
false
bbtests.image💣
Type: string
"registry1.dso.mil/ironbank/big-bang/base:2.0.0"
bbtests.cypress.artifacts💣
Type: bool
true
bbtests.cypress.envs.cypress_url💣
Type: string
"https://keycloak-http.keycloak.svc.cluster.local:8443"
bbtests.cypress.envs.cypress_username💣
Type: string
"admin"
bbtests.cypress.envs.cypress_password💣
Type: string
"password"
bbtests.cypress.envs.tnr_username💣
Type: string
"cypress"
bbtests.cypress.envs.tnr_password💣
Type: string
"tnr_w!G33ZyAt@C8"
bbtests.cypress.envs.tnr_firstName💣
Type: string
"Cypress"
bbtests.cypress.envs.tnr_lastName💣
Type: string
"TNR"
bbtests.cypress.envs.tnr_email💣
Type: string
"cypress@tnr.mil"