Helm Values
| Key | Type | Description | Default |
|---|---|---|---|
| auth.adminPassword | string | The main admin password for the Eggplant IAM / Keycloak installation. | nil |
| auth.adminUser | string | The main admin user for the Eggplant IAM / Keycloak installation. | "admin" |
| auth.existingSecret | string | If preferred, please supply an existing secret name containing the secret password instead of setting auth.adminPassword. | nil |
| auth.existingSecretKey | string | If supplying an existing secret, provide the key within the secret containing the admin password. | nil |
| containerSecurityContext | object | The security context of the Keycloak container | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsGroup":1001,"runAsNonRoot":true,"runAsUser":2000,"seccompProfile":{"type":"RuntimeDefault"}} |
| extraEnvVars | list | Any additional env vars to be added to the container. | [] |
| global.postgresql.auth.existingSecret | string | If desired, supply the name of an existing secret containing the database password instead of supplying the password under postgresPassword. | nil |
| global.postgresql.auth.postgresPassword | string | Password for the postgres admin user. Used for authentication with the PostgreSQL instance and inherited by the postgresql sub-chart to configure the postgres user. | "postgres" |
| global.postgresql.auth.secretKeys.adminPasswordKey | string | If you have supplied an existing secret, provide the name of the key under which the password is stored. | "postgres-password" |
| global.postgresql.database | string | The database which should be used on the postgres instance. | "keycloak" |
| global.postgresql.host | string | Hostname of the PostgreSQL instance to be used. | "postgres" |
| global.postgresql.port | int | Port of the PostgreSQL instance to be used. | 5432 |
| global.postgresql.username | string | The username of the postgres user. | "postgres" |
| image.name | string | The image name. | "keycloak-server" |
| image.pullPolicy | string | Image pull policy. | "IfNotPresent" |
| image.repository | string | The image repository name. | "quay.io/eggplantsoftware" |
| image.tag | string | Eggplant IAM tag to use. (Should not normally be changed unless directed to by support.) | "develop" |
| ingress.className | string | The ingress class name. | "nginx" |
| ingress.extraAdminAnnotations | object | Any additional annotations to be added to the admin ingress. | {} |
| ingress.extraAnnotations | object | Any additional annotations to be added to the main ingress. | {} |
| ingress.hosts | list | List of hostnames to be added to the ingress. | [] |
| ingress.tls.secretName | string | An existing secret containing the TLS cert and key. Note these must use keys named tls.crt and tls.key. | nil |
| metrics.enabled | bool | Flag to enable metrics from the Keycloak server. | false |
| metrics.serviceMonitor.namespace | string | Namespace to create the service monitor. Will default to the installation namespace. | nil |
| metrics.serviceMonitor.scrapeInterval | string | Scrape interval for metrics. | "30s" |
| nodeSelector | string | The node selector that will be applied to the Keycloak pod. | nil |
| podSecurityContext | object | The pod Security Context. | {"fsGroup":1001,"fsGroupChangePolicy":"Always"} |
| postgresql.enabled | bool | Should a PostgreSQL pod be launched in addition to the Eggplant IAM container itself. | true |
| realmConfigInstaller.enabled | bool | Set to false to disable the Eggplant IAM custom configuration utility from running. | true |
| realmConfigInstaller.extras.dev | object | {} | |
| realmConfigInstaller.extras.initial_user.email | string | Email address of the user to create. | nil |
| realmConfigInstaller.extras.initial_user.enabled | bool | Flag to control if an inital user should be created. (Note this user can only be used to manage users for the application) | false |
| realmConfigInstaller.extras.initial_user.family_name | string | Family name of the user to create | nil |
| realmConfigInstaller.extras.initial_user.given_name | string | Given name of the user to create | nil |
| realmConfigInstaller.extras.initial_user.is_password_temporary | bool | Flag to tempoary password. Set to true to force the user to change the password at first login. | false |
| realmConfigInstaller.extras.initial_user.password | string | Password of the user to create | nil |
| realmConfigInstaller.extras.initial_user.username | string | Username of the user to create | nil |
| realmConfigInstaller.extras.on_prem | object | {} | |
| realmConfigInstaller.extras.reset_terms_acceptance.enabled | bool | false | |
| realmConfigInstaller.extras.smtp.auth | string | Boolean flag to control is authentication to the SMTP server is enabled | nil |
| realmConfigInstaller.extras.smtp.enabled | bool | Set to true to enable SMTP confguration in the realm. | false |
| realmConfigInstaller.extras.smtp.existingSecret | string | If desired provide the name of an existing secret containing the smtp configuration. Note that it must provide the following keys: * SMTP_START_TLS * SMTP_AUTH * SMTP_FROM * SMTP_FROM * SMTP_SSL * SMTP_PORT * SMTP_USERNAME * SMTP_PASSWORD | nil |
| realmConfigInstaller.extras.smtp.from | string | The email address from which emails will be sent | nil |
| realmConfigInstaller.extras.smtp.host | string | Hostname of the SMTP server | nil |
| realmConfigInstaller.extras.smtp.password | string | SMTP Sever password | nil |
| realmConfigInstaller.extras.smtp.port | string | SMTP Server port | nil |
| realmConfigInstaller.extras.smtp.ssl | string | Boolean flag to control is SSL is enabled | nil |
| realmConfigInstaller.extras.smtp.start_tls | string | Boolean flag to control is StartTLS is enabled | nil |
| realmConfigInstaller.extras.smtp.username | string | SMTP Sever username | nil |
| realmConfigInstaller.image.pullPolicy | string | Image pull policy. | "IfNotPresent" |
| replicas | int | The number of Keycloak replicas that should be run. | 1 |
| resources.limits.memory | string | The Keycloak pod memory limits. | "786Mi" |
| resources.requests.cpu | string | The Keycloak pod CPU requests. | "600m" |
| resources.requests.memory | string | The Keycloak pod memory requests. | "786Mi" |
| serviceAccount.annotations | object | If serviceAccount.create=True, supply any additional annotations to be added to the service account. | {} |
| serviceAccount.create | bool | Should the service account be created by the Helm chart. | true |
| serviceAccount.name | string | If serviceAccount.create=False, supply the name of an existing service account. | "" |
| terminationGracePeriodSeconds | int | Grace period before the Keycloak pod is terminated. | 30 |