Skip to content

keycloak values.yaml💣

fullnameOverride💣

Type: string

Default value
""

nameOverride💣

Type: string

Default value
""

replicas💣

Type: int

Default value
1

image.repository💣

Type: string

Default value
"registry.dso.mil/platform-one/big-bang/apps/security-tools/keycloak/keycloak-ib"

image.tag💣

Type: string

Default value
"18.0.2-1.2.0-1"

image.pullPolicy💣

Type: string

Default value
"IfNotPresent"

imagePullSecrets[0].name💣

Type: string

Default value
"private-registry"

hostAliases💣

Type: list

Default value
[]
Default value (formatted)
[]

Type: bool

Default value
true

podManagementPolicy💣

Type: string

Default value
"Parallel"

restartPolicy💣

Type: string

Default value
"Always"

serviceAccount.create💣

Type: bool

Default value
true

serviceAccount.name💣

Type: string

Default value
""

serviceAccount.annotations💣

Type: object

Default value
{}
Default value (formatted)
{}

serviceAccount.labels💣

Type: object

Default value
{}
Default value (formatted)
{}

serviceAccount.imagePullSecrets💣

Type: list

Default value
[]
Default value (formatted)
[]

rbac.create💣

Type: bool

Default value
false

rbac.rules💣

Type: list

Default value
[]
Default value (formatted)
[]

podSecurityContext.fsGroup💣

Type: int

Default value
1000

securityContext.runAsUser💣

Type: int

Default value
1000

securityContext.runAsNonRoot💣

Type: bool

Default value
true

extraInitContainers💣

Type: string

Default value
""

skipInitContainers💣

Type: bool

Default value
false

extraContainers💣

Type: string

Default value
""

lifecycleHooks💣

Type: string

Default value
""

terminationGracePeriodSeconds💣

Type: int

Default value
60

clusterDomain💣

Type: string

Default value
"cluster.local"

command💣

Type: list

Default value
[]
Default value (formatted)
[]

args[0]💣

Type: string

Default value
"-b 0.0.0.0"

args[1]💣

Type: string

Default value
"-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled"

args[2]💣

Type: string

Default value
"-Dkeycloak.profile.feature.declarative_user_profile=enabled"

extraEnv💣

Type: string

Default value
""

extraEnvFrom💣

Type: string

Default value
"- secretRef:\n    name: '{{ include \"keycloak.fullname\" . }}-env'\n"
Default value (formatted)
- secretRef:
    name: '{{ include \"keycloak.fullname\" . }}-env'

priorityClassName💣

Type: string

Default value
""

affinity💣

Type: string

Default value
"podAntiAffinity:\n  requiredDuringSchedulingIgnoredDuringExecution:\n    - labelSelector:\n        matchLabels:\n          {{- include \"keycloak.selectorLabels\" . \| nindent 10 }}\n        matchExpressions:\n          - key: app.kubernetes.io/component\n            operator: NotIn\n            values:\n              - test\n      topologyKey: kubernetes.io/hostname\n  preferredDuringSchedulingIgnoredDuringExecution:\n    - weight: 100\n      podAffinityTerm:\n        labelSelector:\n          matchLabels:\n            {{- include \"keycloak.selectorLabels\" . \| nindent 12 }}\n          matchExpressions:\n            - key: app.kubernetes.io/component\n              operator: NotIn\n              values:\n                - test\n        topologyKey: failure-domain.beta.kubernetes.io/zone\n"
Default value (formatted)
podAntiAffinity:
  requiredDuringSchedulingIgnoredDuringExecution:
    - labelSelector:
        matchLabels:
          {{- include \"keycloak.selectorLabels\" . \| nindent 10 }}
        matchExpressions:
          - key: app.kubernetes.io/component
            operator: NotIn
            values:
              - test
      topologyKey: kubernetes.io/hostname
  preferredDuringSchedulingIgnoredDuringExecution:
    - weight: 100
      podAffinityTerm:
        labelSelector:
          matchLabels:
            {{- include \"keycloak.selectorLabels\" . \| nindent 12 }}
          matchExpressions:
            - key: app.kubernetes.io/component
              operator: NotIn
              values:
                - test
        topologyKey: failure-domain.beta.kubernetes.io/zone

topologySpreadConstraints💣

Type: string

Default value
nil

nodeSelector💣

Type: object

Default value
{}
Default value (formatted)
{}

tolerations💣

Type: list

Default value
[]
Default value (formatted)
[]

podLabels💣

Type: object

Default value
{}
Default value (formatted)
{}

podAnnotations💣

Type: object

Default value
{}
Default value (formatted)
{}

livenessProbe💣

Type: string

Default value
"httpGet:\n  path: /auth/realms/master\n  port: http\n  scheme: HTTP\nfailureThreshold: 15\ntimeoutSeconds: 2\nperiodSeconds: 15\n"
Default value (formatted)
httpGet:
  path: /auth/realms/master
  port: http
  scheme: HTTP
failureThreshold: 15
timeoutSeconds: 2
periodSeconds: 15

readinessProbe💣

Type: string

Default value
"httpGet:\n  path: /auth/realms/master\n  port: http\n  scheme: HTTP\nfailureThreshold: 15\ntimeoutSeconds: 2\n"
Default value (formatted)
httpGet:
  path: /auth/realms/master
  port: http
  scheme: HTTP
failureThreshold: 15
timeoutSeconds: 2

startupProbe💣

Type: string

Default value
"httpGet:\n  path: /auth/realms/master\n  port: http\ninitialDelaySeconds: 90\ntimeoutSeconds: 2\nfailureThreshold: 60\nperiodSeconds: 5\n"
Default value (formatted)
httpGet:
  path: /auth/realms/master
  port: http
initialDelaySeconds: 90
timeoutSeconds: 2
failureThreshold: 60
periodSeconds: 5

resources.requests.cpu💣

Type: string

Default value
"1"

resources.requests.memory💣

Type: string

Default value
"1Gi"

resources.limits.cpu💣

Type: string

Default value
"1"

resources.limits.memory💣

Type: string

Default value
"1Gi"

extraVolumes💣

Type: string

Default value
""

extraVolumesBigBang💣

Type: object

Default value
{}
Default value (formatted)
{}

extraVolumeMounts💣

Type: string

Default value
""

extraVolumeMountsBigBang💣

Type: object

Default value
{}
Default value (formatted)
{}

extraPorts[0].name💣

Type: string

Default value
"jgroup"

extraPorts[0].containerPort💣

Type: int

Default value
7600

extraPorts[0].protocol💣

Type: string

Default value
"TCP"

podDisruptionBudget💣

Type: object

Default value
{}
Default value (formatted)
{}

statefulsetAnnotations💣

Type: object

Default value
{}
Default value (formatted)
{}

statefulsetLabels💣

Type: object

Default value
{}
Default value (formatted)
{}

secrets.env.stringData.JAVA_TOOL_OPTIONS💣

Type: string

Default value
"-XX:+UseContainerSupport -XX:MaxRAMPercentage=50.0 -Dcom.redhat.fips=false"

secrets.env.stringData.KEYCLOAK_USER💣

Type: string

Default value
"{{ .Values.secrets.credentials.stringData.adminuser }}"

secrets.env.stringData.KEYCLOAK_PASSWORD💣

Type: string

Default value
"{{ .Values.secrets.credentials.stringData.password }}"

secrets.env.stringData.PROXY_ADDRESS_FORWARDING💣

Type: string

Default value
"true"

secrets.env.stringData.JGROUPS_DISCOVERY_PROTOCOL💣

Type: string

Default value
"dns.DNS_PING"

secrets.env.stringData.JGROUPS_DISCOVERY_PROPERTIES💣

Type: string

Default value
'dns_query={{ include "keycloak.serviceDnsName" . }}'

secrets.env.stringData.KEYCLOAK_SERVICE_DNS_NAME💣

Type: string

Default value
'{{ include "keycloak.serviceDnsName" . }}'

secrets.env.stringData.CACHE_OWNERS_COUNT💣

Type: string

Default value
"2"

secrets.env.stringData.CACHE_OWNERS_AUTH_SESSIONS_COUNT💣

Type: string

Default value
"2"

secrets.env.stringData.KEYCLOAK_STATISTICS💣

Type: string

Default value
"{{ if .Values.serviceMonitor.enabled }}all{{ end }}"

secrets.credentials.stringData.adminuser💣

Type: string

Default value
"admin"

secrets.credentials.stringData.password💣

Type: string

Default value
"password"

service.annotations💣

Type: object

Default value
{}
Default value (formatted)
{}

service.labels💣

Type: object

Default value
{}
Default value (formatted)
{}

service.type💣

Type: string

Default value
"ClusterIP"

service.loadBalancerIP💣

Type: string

Default value
""

service.httpPort💣

Type: int

Default value
80

service.httpNodePort💣

Type: string

Default value
nil

service.httpsPort💣

Type: int

Default value
8443

service.httpsNodePort💣

Type: string

Default value
nil

service.httpManagementPort💣

Type: int

Default value
9990

service.httpManagementNodePort💣

Type: string

Default value
nil

service.extraPorts[0].name💣

Type: string

Default value
"jgroup"

service.extraPorts[0].port💣

Type: int

Default value
7600

service.extraPorts[0].targetPort💣

Type: string

Default value
"jgroup"

service.extraPorts[0].protocol💣

Type: string

Default value
"TCP"

service.loadBalancerSourceRanges💣

Type: list

Default value
[]
Default value (formatted)
[]

service.externalTrafficPolicy💣

Type: string

Default value
"Cluster"

service.sessionAffinity💣

Type: string

Default value
""

service.sessionAffinityConfig💣

Type: object

Default value
{}
Default value (formatted)
{}

ingress.enabled💣

Type: bool

Default value
false

ingress.ingressClassName💣

Type: string

Default value
""

ingress.servicePort💣

Type: string

Default value
"http"

ingress.annotations💣

Type: object

Default value
{}
Default value (formatted)
{}

ingress.labels💣

Type: object

Default value
{}
Default value (formatted)
{}

ingress.rules[0].host💣

Type: string

Default value
"{{ .Release.Name }}.keycloak.example.com"

ingress.rules[0].paths[0].path💣

Type: string

Default value
"/"

ingress.rules[0].paths[0].pathType💣

Type: string

Default value
"Prefix"

ingress.tls[0].hosts[0]💣

Type: string

Default value
"keycloak.example.com"

ingress.tls[0].secretName💣

Type: string

Default value
""

ingress.console.enabled💣

Type: bool

Default value
false

ingress.console.ingressClassName💣

Type: string

Default value
""

ingress.console.annotations💣

Type: object

Default value
{}
Default value (formatted)
{}

ingress.console.rules[0].host💣

Type: string

Default value
"{{ .Release.Name }}.keycloak.example.com"

ingress.console.rules[0].paths[0].path💣

Type: string

Default value
"/auth/admin/"

ingress.console.rules[0].paths[0].pathType💣

Type: string

Default value
"Prefix"

ingress.console.tls💣

Type: list

Default value
[]
Default value (formatted)
[]

networkPolicy.enabled💣

Type: bool

Default value
false

networkPolicy.labels💣

Type: object

Default value
{}
Default value (formatted)
{}

networkPolicy.extraFrom💣

Type: list

Default value
[]
Default value (formatted)
[]

route.enabled💣

Type: bool

Default value
false

route.path💣

Type: string

Default value
"/"

route.annotations💣

Type: object

Default value
{}
Default value (formatted)
{}

route.labels💣

Type: object

Default value
{}
Default value (formatted)
{}

route.host💣

Type: string

Default value
""

route.tls.enabled💣

Type: bool

Default value
true

route.tls.insecureEdgeTerminationPolicy💣

Type: string

Default value
"Redirect"

route.tls.termination💣

Type: string

Default value
"edge"

pgchecker.image.repository💣

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/postgres/postgresql12"

pgchecker.image.tag💣

Type: float

Default value
12.11

pgchecker.image.pullPolicy💣

Type: string

Default value
"IfNotPresent"

pgchecker.securityContext.allowPrivilegeEscalation💣

Type: bool

Default value
false

pgchecker.securityContext.runAsUser💣

Type: int

Default value
1000

pgchecker.securityContext.runAsGroup💣

Type: int

Default value
1000

pgchecker.securityContext.runAsNonRoot💣

Type: bool

Default value
true

pgchecker.resources.requests.cpu💣

Type: string

Default value
"20m"

pgchecker.resources.requests.memory💣

Type: string

Default value
"32Mi"

pgchecker.resources.limits.cpu💣

Type: string

Default value
"20m"

pgchecker.resources.limits.memory💣

Type: string

Default value
"32Mi"

postgresql.enabled💣

Type: bool

Default value
true

postgresql.postgresqlUsername💣

Type: string

Default value
"keycloak"

postgresql.postgresqlPassword💣

Type: string

Default value
"keycloak"

postgresql.postgresqlDatabase💣

Type: string

Default value
"keycloak"

postgresql.networkPolicy.enabled💣

Type: bool

Default value
false

postgresql.global.imagePullSecrets[0]💣

Type: string

Default value
"private-registry"

postgresql.image.registry💣

Type: string

Default value
"registry1.dso.mil"

postgresql.image.repository💣

Type: string

Default value
"ironbank/opensource/postgres/postgresql12"

postgresql.image.tag💣

Type: float

Default value
12.11

postgresql.securityContext.enabled💣

Type: bool

Default value
true

postgresql.securityContext.fsGroup💣

Type: int

Default value
26

postgresql.securityContext.runAsUser💣

Type: int

Default value
26

postgresql.securityContext.runAsGroup💣

Type: int

Default value
26

postgresql.containerSecurityContext.enabled💣

Type: bool

Default value
true

postgresql.containerSecurityContext.runAsUser💣

Type: int

Default value
26

postgresql.resources.requests.cpu💣

Type: string

Default value
"250m"

postgresql.resources.requests.memory💣

Type: string

Default value
"256Mi"

postgresql.resources.limits.cpu💣

Type: string

Default value
"250m"

postgresql.resources.limits.memory💣

Type: string

Default value
"256Mi"

serviceMonitor.enabled💣

Type: bool

Default value
false

serviceMonitor.namespace💣

Type: string

Default value
""

serviceMonitor.namespaceSelector💣

Type: object

Default value
{}
Default value (formatted)
{}

serviceMonitor.annotations💣

Type: object

Default value
{}
Default value (formatted)
{}

serviceMonitor.labels💣

Type: object

Default value
{}
Default value (formatted)
{}

serviceMonitor.interval💣

Type: string

Default value
"10s"

serviceMonitor.scrapeTimeout💣

Type: string

Default value
"10s"

serviceMonitor.path💣

Type: string

Default value
"/metrics"

serviceMonitor.port💣

Type: string

Default value
"http-management"

extraServiceMonitor.enabled💣

Type: bool

Default value
false

extraServiceMonitor.namespace💣

Type: string

Default value
""

extraServiceMonitor.namespaceSelector💣

Type: object

Default value
{}
Default value (formatted)
{}

extraServiceMonitor.annotations💣

Type: object

Default value
{}
Default value (formatted)
{}

extraServiceMonitor.labels💣

Type: object

Default value
{}
Default value (formatted)
{}

extraServiceMonitor.interval💣

Type: string

Default value
"10s"

extraServiceMonitor.scrapeTimeout💣

Type: string

Default value
"10s"

extraServiceMonitor.path💣

Type: string

Default value
"/auth/realms/master/metrics"

extraServiceMonitor.port💣

Type: string

Default value
"http"

prometheusRule.enabled💣

Type: bool

Default value
false

prometheusRule.annotations💣

Type: object

Default value
{}
Default value (formatted)
{}

prometheusRule.labels💣

Type: object

Default value
{}
Default value (formatted)
{}

prometheusRule.rules💣

Type: list

Default value
[]
Default value (formatted)
[]

autoscaling.enabled💣

Type: bool

Default value
false

autoscaling.labels💣

Type: object

Default value
{}
Default value (formatted)
{}

autoscaling.minReplicas💣

Type: int

Default value
3

autoscaling.maxReplicas💣

Type: int

Default value
10

autoscaling.metrics[0].type💣

Type: string

Default value
"Resource"

autoscaling.metrics[0].resource.name💣

Type: string

Default value
"cpu"

autoscaling.metrics[0].resource.target.type💣

Type: string

Default value
"Utilization"

autoscaling.metrics[0].resource.target.averageUtilization💣

Type: int

Default value
80

autoscaling.behavior.scaleDown.stabilizationWindowSeconds💣

Type: int

Default value
300

autoscaling.behavior.scaleDown.policies[0].type💣

Type: string

Default value
"Pods"

autoscaling.behavior.scaleDown.policies[0].value💣

Type: int

Default value
1

autoscaling.behavior.scaleDown.policies[0].periodSeconds💣

Type: int

Default value
300

test.enabled💣

Type: bool

Default value
false

test.image.repository💣

Type: string

Default value
"docker.io/unguiculus/docker-python3-phantomjs-selenium"

test.image.tag💣

Type: string

Default value
"v1"

test.image.pullPolicy💣

Type: string

Default value
"IfNotPresent"

test.podSecurityContext.fsGroup💣

Type: int

Default value
1000

test.securityContext.runAsUser💣

Type: int

Default value
1000

test.securityContext.runAsNonRoot💣

Type: bool

Default value
true

hostname💣

Type: string

Default value
"bigbang.dev"

istio.enabled💣

Type: bool

Default value
false

istio.injection💣

Type: string

Default value
"disabled"

istio.mtls.mode💣

Type: string

Default value
"STRICT"

Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic

istio.keycloak.enabled💣

Type: bool

Default value
false

istio.keycloak.annotations💣

Type: object

Default value
{}
Default value (formatted)
{}

istio.keycloak.labels💣

Type: object

Default value
{}
Default value (formatted)
{}

istio.keycloak.gateways[0]💣

Type: string

Default value
"istio-system/main"

istio.keycloak.hosts[0]💣

Type: string

Default value
"keycloak.{{ .Values.hostname }}"

monitoring.enabled💣

Type: bool

Default value
false

networkPolicies.enabled💣

Type: bool

Default value
false

networkPolicies.ingressLabels.app💣

Type: string

Default value
"istio-ingressgateway"

networkPolicies.ingressLabels.istio💣

Type: string

Default value
"ingressgateway"

networkPolicies.smtpPort💣

Type: int

Default value
587

openshift💣

Type: bool

Default value
false

bbtests.enabled💣

Type: bool

Default value
false

bbtests.image💣

Type: string

Default value
"registry1.dso.mil/ironbank/big-bang/base:2.0.0"

bbtests.cypress.artifacts💣

Type: bool

Default value
true

bbtests.cypress.envs.cypress_url💣

Type: string

Default value
"https://keycloak-http.keycloak.svc.cluster.local:8443"

bbtests.cypress.envs.cypress_username💣

Type: string

Default value
"admin"

bbtests.cypress.envs.cypress_password💣

Type: string

Default value
"password"

bbtests.cypress.envs.tnr_username💣

Type: string

Default value
"cypress"

bbtests.cypress.envs.tnr_password💣

Type: string

Default value
"tnr_w!G33ZyAt@C8"

bbtests.cypress.envs.tnr_firstName💣

Type: string

Default value
"Cypress"

bbtests.cypress.envs.tnr_lastName💣

Type: string

Default value
"TNR"

bbtests.cypress.envs.tnr_email💣

Type: string

Default value
"cypress@tnr.mil"