Keycloak custom helm config
## Chart-wide settings: extra host aliases for the pods, labels/annotations added to the
## rendered resources and extra manifests to deploy with the release (all empty here)
hostAliases: []
commonLabels: {}
commonAnnotations: {}
## Cluster DNS domain used when building in-cluster service names
clusterDomain: cluster.local
extraDeploy: []
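## Keycloak container image (appears to be a custom illumidesk build rather than the
## bitnami image the refs below describe)
##
image:
  registry: docker.io
  repository: illumidesk/keycloak
  ## NOTE(review): a floating `latest` tag together with `pullPolicy: IfNotPresent` means a
  ## node that already cached some `latest` keeps running it after the image is republished,
  ## so replicas can drift and the running build cannot be audited. Pin an immutable tag or
  ## digest for reproducible deployments.
  tag: latest
  ## Specify a imagePullPolicy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  ##
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## Example:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
  ## Set to true if you would like to see extra information on logs
  ## NOTE(review): enabled here. Debug-level output can put request and credential details
  ## into the log pipeline; keep it off outside active troubleshooting.
  ##
  debug: true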
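## Keycloak authentication parameters
## ref: https://github.com/bitnami/bitnami-docker-keycloak#admin-credentials
##
auth:
  ## Create administrator user on boot.
  ##
  createAdminUser: true
  ## Keycloak administrator user and password
  ## NOTE(review): trivial credentials committed in plain text for a publicly named host
  ## (see ingress.hostname). Prefer the `existingSecret` mechanism below and leave these
  ## empty; at minimum rotate them after the first login.
  ##
  adminUser: admin
  adminPassword: admin
  ## Wildfly management user and password
  ## NOTE(review): same concern as the admin credentials above.
  ##
  managementUser: manager
  managementPassword: manager
  ## An already existing secret containing auth info
  ##
  # existingSecret:
  #   name: mySecret
  #   keyMapping:
  #     admin-password: myPasswordKey
  #     management-password: myManagementPasswordKey
  #     database-password: myDatabasePasswordKey
  #     tls-keystore-password: myTlsKeystorePasswordKey
  #     tls-truestore-password: myTlsTruestorePasswordKey
  ## TLS encryption parameters
  ## ref: https://github.com/bitnami/bitnami-docker-keycloak#tls-encryption
  ##
  tls:
    enabled: false
    ## Name of the existing secret containing the truststore and one keystore per Keycloak replica
    ## Create this secret following the steps below:
    ## 1) Generate your trustore and keystore files (more info at https://github.com/keycloak/keycloak-documentation/blob/master/openshift/topics/advanced_concepts.adoc#creating-https-and-jgroups-keystores-and-truststore-for-the-project_name-server)
    ## 2) Rename your truststore to `keycloak.truststore.jks`.
    ## 3) Rename your keystores to `keycloak-X.keystore.jks` where X is the ID of each Keycloak replica
    ## 4) Run the command below where SECRET_NAME is the name of the secret you want to create:
    ##    kubectl create secret generic SECRET_NAME --from-file=./keycloak.truststore.jks --from-file=./keycloak-0.keystore.jks --from-file=./keycloak-1.keystore.jks ...
    ##
    # jksSecret:
    ## Password to access the keystore when it's password-protected.
    ##
    keystorePassword: ""
    ## Password to access the truststore when it's password-protected.
    ##
    truststorePassword: ""
    ## Init container parameters:
    ## NOTE(review): the pasted file had lost its indentation; `image` and `resources` are
    ## nested here under auth.tls so they do not collide with the top-level `image:` and
    ## `resources:` keys — confirm against the chart's own values.yaml.
    ##
    image:
      registry: docker.io
      repository: bitnami/minideb
      tag: buster
      pullPolicy: Always
      ## Optionally specify an array of imagePullSecrets.
      ## Secrets must be manually created in the namespace.
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ##
      pullSecrets: []
      ##   - myRegistryKeySecretName
    ## Init containers' resource requests and limits
    ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
    ##
    resources:
      ## We usually recommend not to specify default resources and to leave this as a conscious
      ## choice for the user. This also increases chances charts run on environments with little
      ## resources, such as Minikube. If you do want to specify resources, uncomment the following
      ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
      ##
      limits: {}
      ##   cpu: 100m
      ##   memory: 128Mi
      ##
      requests: {}
      ##   cpu: 100m
      ##   memory: 128Mi
      ##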
## Enable Proxy Address Forwarding
## ref: https://www.keycloak.org/docs/latest/server_installation/#_setting-up-a-load-balancer-or-proxy
## NOTE(review): extraEnvVars below also sets PROXY_ADDRESS_FORWARDING="true" by hand, so one
## of the two is redundant. Per the ref this makes Keycloak trust forwarded client-address
## headers, so it should only be on when a trusted reverse proxy fronts every request.
##
proxyAddressForwarding: true
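## Keycloak Service Discovery settings
## ref: https://github.com/bitnami/bitnami-docker-keycloak#cluster-configuration
##
serviceDiscovery:
  ## Disabled; consistent with the single replica configured in replicaCount
  enabled: false
  ## Sets the protocol that Keycloak nodes would use to discover new peers
  ## Available protocols can be found at http://www.jgroups.org/javadoc3/org/jgroups/protocols/
  ##
  protocol: kubernetes.KUBE_PING
  ## Properties for the discovery protocol set in serviceDiscovery.protocol parameter
  ## List of key=>value pairs
  ## Example:
  ## properties:
  ##   - datasource_jndi_name=>"java:jboss/datasources/KeycloakDS"
  ##   - initialize_sql=>"CREATE TABLE IF NOT EXISTS JGROUPSPING ( own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created timestamp default current_timestamp, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))"
  ##
  properties: []
  ## Transport stack for the discovery protocol set in serviceDiscovery.protocol parameter
  ##
  transportStack: tcp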
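## Keycloak cache settings
## ref: https://github.com/bitnami/bitnami-docker-keycloak#cluster-configuration
##
cache:
  ## Number of nodes that will replicate cached data
  ##
  ownersCount: 1
  ## Number of nodes that will replicate cached authentication data
  ##
  authOwnersCount: 1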
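## Keycloak Configuration
## Specify content for standalone-ha.xml
## NOTE: This will override configuring Keycloak based on environment variables (including those set by the chart)
## The standalone-ha.xml is auto-generated based on other parameters when this parameter is not specified
##
## Example:
## configuration: |-
##   foo: bar
##   baz:
##
# configuration:
## Existing ConfigMap with Keycloak Configuration
## NOTE: When it's set the configuration parameter is ignored
##
# existingConfigmap:
## Add extra args to default startup command
## (explicit empty string rather than a bare `key:`, which parses as null)
##
extraStartupArgs: ""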
## initdb scripts
## Specify dictionary of scripts to be run at first boot
## ref: https://github.com/bitnami/bitnami-docker-keycloak#initializing-a-new-instance
## Example:
## initdbScripts:
##   my_init_script.sh: |
##     #!/bin/bash
##     echo "Do something."
##
initdbScripts: {}
## Existing ConfigMap with custom init scripts
##
# initdbScriptsConfigMap:
## Command and args for running the container (set to default if not set). Use array form
## Both empty here, so the image's own entrypoint and arguments are used
##
command: []
args: []
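## An array to add extra env vars
## Example:
## extraEnvVars:
##   - name: FOO
##     value: "bar"
##
extraEnvVars:
  ## NOTE(review): duplicates the top-level `proxyAddressForwarding: true`; keep one of them.
  - name: PROXY_ADDRESS_FORWARDING
    value: "true"
  ## Public base URL Keycloak is told to use. It is https while ingress.tls is false, so TLS
  ## must be terminated somewhere in front of the ingress controller — confirm.
  - name: KEYCLOAK_FRONTEND_URL
    value: "https://kc-greg.illumidesk.com"
## ConfigMap with extra environment variables (explicit empty string: none)
##
extraEnvVarsCM: ""
## Secret with extra environment variables (explicit empty string: none)
##
extraEnvVarsSecret: ""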
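## Number of Keycloak replicas to deploy
##
replicaCount: 1
## Keycloak container ports to open
##
containerPorts:
  http: 8080
  https: 8443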
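## Keycloak pods' SecurityContext (pod level; the original headings for the two contexts
## were swapped relative to their keys and refs)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
##
podSecurityContext:
  enabled: true
  fsGroup: 1001
## Keycloak containers' SecurityContext (container level)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
##
containerSecurityContext:
  enabled: true
  runAsUser: 1001
  runAsNonRoot: true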
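## Keycloak resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # NOTE(review): with neither limits nor requests the pod has no resource cap; set at least
  # memory limits for a public-facing Java service.
  limits: {}
  #   cpu: 200m
  #   memory: 256Mi
  requests: {}
  #   cpu: 200m
  #   memory: 10Mi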
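## Keycloak containers' liveness and readiness probes.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
##
livenessProbe:
  enabled: true
  httpGet:
    path: /auth/
    port: http
  initialDelaySeconds: 300
  ## NOTE(review): probing every second with a 5 s timeout is far more aggressive than the
  ## readiness probe below (10 s); consider aligning them.
  periodSeconds: 1
  timeoutSeconds: 5
  failureThreshold: 3
  successThreshold: 1
readinessProbe:
  enabled: true
  httpGet:
    path: /auth/realms/master
    port: http
  initialDelaySeconds: 30
  periodSeconds: 10
  timeoutSeconds: 1
  failureThreshold: 3
  successThreshold: 1
## Custom Liveness probes for Keycloak
##
customLivenessProbe: {}
## Custom Readiness probes for Keycloak
##
customReadinessProbe: {}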
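## Strategy to use to update Pods
##
updateStrategy:
  ## StrategyType
  ## Can be set to RollingUpdate or OnDelete
  ##
  type: RollingUpdate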
## Pod affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Allowed values: soft, hard (empty: no preset)
##
podAffinityPreset: ""
## Pod anti-affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Allowed values: soft, hard
##
podAntiAffinityPreset: soft
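## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## Allowed values: soft, hard
##
nodeAffinityPreset:
  ## Node affinity type
  ## Allowed values: soft, hard
  ##
  type: ""
  ## Node label key to match
  ## E.g.
  ## key: "kubernetes.io/e2e-az-name"
  ##
  key: ""
  ## Node label values to match
  ## E.g.
  ## values:
  ##   - e2e-az1
  ##   - e2e-az2
  ##
  values: []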
## Affinity for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-antinity
##
affinity: {}
## Node labels for pod assignment. Evaluated as a template.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Pod extra labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## Annotations for server pods.
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## Keycloak pods' priority.
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
# priorityClassName: ""
## lifecycleHooks for the Keycloak container to automate configuration before or after startup.
##
lifecycleHooks: {}
## Extra volumes to add to the deployment
##
extraVolumes: []
## Extra volume mounts to add to the container
##
extraVolumeMounts: []
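## Add init containers to the Keycloak pods.
## Example:
## initContainers:
##   - name: your-image-name
##     image: your-image
##     imagePullPolicy: Always
##     ports:
##       - name: portname
##         containerPort: 1234
##
## Empty list rather than `{}`: the example above is a sequence, and an empty value of either
## type is treated the same by the chart.
initContainers: []
## Add sidecars to the Keycloak pods.
## Example:
## sidecars:
##   - name: your-image-name
##     image: your-image
##     imagePullPolicy: Always
##     ports:
##       - name: portname
##         containerPort: 1234
##
sidecars: []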
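## Service configuration
##
service:
  ## Service type.
  ##
  type: ClusterIP
  ## HTTP Port
  ##
  port: 80
  ## HTTPS Port
  ##
  httpsPort: 443
  ## Specify the nodePort values for the LoadBalancer and NodePort service types.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
  ##
  nodePorts:
    http: ""
    https: ""
  ## Service clusterIP.
  ##
  # clusterIP: None
  ## loadBalancerIP for the Keycloak Service (optional, cloud specific)
  ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer
  ##
  # loadBalancerIP:
  ## Load Balancer sources
  ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
  ## Example:
  ## loadBalancerSourceRanges:
  ##   - 10.10.10.0/24
  ##
  loadBalancerSourceRanges: []
  ## Enable client source IP preservation
  ## ref: http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
  ##
  externalTrafficPolicy: Cluster
  ## Provide any additional annotations which may be required (evaluated as a template).
  ##
  annotations: {}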
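## Ingress configuration
##
ingress:
  ## Set to true to enable ingress record generation
  ##
  enabled: true
  ## Set this to true in order to add the corresponding annotations for cert-manager
  ##
  certManager: false
  ## When the ingress is enabled, a host pointing to this will be created
  ##
  hostname: kc-greg.illumidesk.com
  ## Override API Version (automatically detected if not set)
  ## (explicit empty string rather than a bare `key:`, which parses as null)
  ##
  apiVersion: ""
  ## Ingress Path
  ##
  path: /
  ## Ingress Path type
  ##
  pathType: ImplementationSpecific
  ## Ingress annotations done as key:value pairs
  ## For a full list of possible ingress annotations, please see
  ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
  ##
  ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
  ##
  annotations:
    kubernetes.io/ingress.class: "nginx"
    # nginx.org/redirect-to-https: "true"
    # nginx.org/use-forwarded-headers: "false"
  ## Enable TLS configuration for the hostname defined at ingress.hostname parameter
  ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
  ## You can use the ingress.secrets parameter to create this TLS secret, relay on cert-manager to create it, or
  ## let the chart create self-signed certificates for you
  ##
  ## NOTE(review): disabled while KEYCLOAK_FRONTEND_URL (extraEnvVars) advertises
  ## https://kc-greg.illumidesk.com on a public hostname. Unless TLS is terminated by a load
  ## balancer in front of the ingress controller, admin logins and tokens cross the network in
  ## clear text; enable this (with certManager or `secrets`) or confirm upstream termination.
  ##
  tls: false
  ## The list of additional hostnames to be covered with this ingress record.
  ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
  ## Example:
  ## extraHosts:
  ##   - name: keycloak.local
  ##     path: /
  ##
  extraHosts: []
  ## The tls configuration for additional hostnames to be covered with this ingress record.
  ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
  ## Example:
  ## extraTls:
  ##   - hosts:
  ##       - keycloak.local
  ##     secretName: keycloak.local-tls
  ##
  extraTls: []
  ## If you're providing your own certificates, please use this to add the certificates as secrets
  ## key and certificate should start with -----BEGIN CERTIFICATE----- or -----BEGIN RSA PRIVATE KEY-----
  ## name should line up with a secretName set further up
  ##
  ## If it is not set and you're using cert-manager, this is unneeded, as it will create the secret for you
  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created
  ## It is also possible to create and manage the certificates outside of this helm chart
  ## Please see README.md for more information
  ##
  ## Example
  ## secrets:
  ##   - name: aspnet-core.local-tls
  ##     key: ""
  ##     certificate: ""
  ##
  secrets: []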
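## Network Policy configuration
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
  ## Enable creation of NetworkPolicy resources
  ## NOTE(review): disabled, so no policy is created and any pod in the cluster can reach the
  ## Keycloak ports; consider enabling it with allowExternal tuned to the ingress controller.
  ##
  enabled: false
  ## The Policy model to apply. When set to false, only pods with the correct
  ## client label will have network access to the ports Keycloak is listening
  ## on. When true, Keycloak will accept connections from any source
  ## (with the correct destination port).
  ##
  allowExternal: true
  ## Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed.
  ## Example:
  ## additionalRules:
  ##   - matchLabels:
  ##       - role: frontend
  ##   - matchExpressions:
  ##       - key: role
  ##         operator: In
  ##         values:
  ##           - frontend
  ##
  ## Empty list to match the sequence shape of the example above (an empty `{}` behaves the same)
  additionalRules: []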
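## Specifies whether RBAC resources should be created
##
rbac:
  create: false
  ## Custom RBAC rules
  ## Example:
  ## rules:
  ##   - apiGroups:
  ##       - ""
  ##     resources:
  ##       - pods
  ##     verbs:
  ##       - get
  ##       - list
  ##
  rules: []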
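## Specifies whether a ServiceAccount should be created
##
serviceAccount:
  create: true
  ## The name of the ServiceAccount to use.
  ## If not set and create is true, a name is generated using the fullname template
  ##
  name: ""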
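## Keycloak Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
##
pdb:
  create: false
  ## Min number of pods that must still be available after the eviction
  ##
  minAvailable: 1
  ## Max number of pods that can be unavailable after the eviction
  ##
  # maxUnavailable: 1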
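## Keycloak Autoscaling configuration
##
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 11
  # targetCPU: 50
  # targetMemory: 50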
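## Metrics configuration
##
metrics:
  ## Enable Keycloak statistics
  ## ref: https://github.com/bitnami/bitnami-docker-keycloak#enabling-statistics
  ##
  enabled: false
  ## Keycloak metrics service parameters
  ##
  service:
    ## HTTP management port
    ##
    port: 9990
    ## Annotations for the Prometheus exporter service
    ##
    annotations:
      prometheus.io/scrape: "true"
      prometheus.io/port: "{{ .Values.metrics.service.port }}"
  ## Prometheus Operator ServiceMonitor configuration
  ##
  serviceMonitor:
    ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry
    ##
    enabled: false
    ## Specify the namespace in which the serviceMonitor resource will be created
    ##
    # namespace: ""
    ## Specify the interval at which metrics should be scraped
    ##
    interval: 30s
    ## Specify the timeout after which the scrape is ended
    ##
    # scrapeTimeout: 30s
    ## Specify Metric Relabellings to add to the scrape endpoint
    ##
    # relabellings:
    ## Specify honorLabels parameter to add the scrape endpoint
    ##
    honorLabels: false
    ## Specify the release for ServiceMonitor. Sometimes it should be custom for prometheus operator to work
    ##
    # release: ""
    ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
    ##
    additionalLabels: {}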
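##
## PostgreSQL chart configuration
## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml
##
postgresql:
  ## Whether to deploy a postgresql server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters
  ##
  enabled: true
  ## PostgreSQL user (has superuser privileges if username is `postgres`)
  ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run
  ##
  postgresqlUsername: keycloak
  ## PostgreSQL password
  ## Defaults to a random 10-character alphanumeric string if not set
  ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run
  ## NOTE(review): a trivial plain-text database password is committed here. Prefer
  ## `existingSecret` below (the chart generates a random one when this is left unset, but a
  ## regenerated password will not match an already-initialised data volume, so move it to a
  ## secret deliberately rather than just blanking it).
  ##
  postgresqlPassword: password
  ## Database name to create
  ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run
  ##
  postgresqlDatabase: keycloak
  ## In case of postgresql.enabled = true, allow the usage of existing secrets for postgresql
  ## (explicit empty string rather than a bare `key:`, which parses as null)
  ##
  existingSecret: ""
  ## PostgreSQL data Persistent Volume Storage Class
  ##
  persistence:
    enabled: true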
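##
## External database configuration
## (only used when postgresql.enabled is false; note the user/database names here differ
## from the bundled postgresql values above)
##
externalDatabase:
  ## Database host
  ##
  host: ""
  ## Database port
  ##
  port: 5432
  ## non admin username for Keycloak Database
  ##
  user: bn_keycloak
  ## Database password
  ##
  password: ""
  ## Database name
  ##
  database: bitnami_keycloak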