| accessLog.enabled | bool | Flag to enable access logging from the Keycloak server. | true
|
| accessLog.logToFile | bool | Whether to log to file or stdout/stderr. | false
|
| accessLog.pattern | string | Access log pattern to use. | "%h %l %u %t \"%r\" %s %b"
|
| containerSecurityContext | object | The security context of the Keycloak container | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true}
|
| extraEnvVars | list | Any additional env vars to be added to the container. | []
|
| global.ingress.className | string | The ingress class name. | "nginx"
|
| global.ingress.tls[0] | object | List of hostnames for which TLS should be enabled. | {"hosts":[],"secretName":null}
|
| global.ingress.tls[0].secretName | string | An existing secret containing the TLS cert and key. Note these must use keys named tls.crt and tls.key. Note that if ingress.tls.secretName is not set, the chart will look for global.ingress.tls is also set that will take precedence. | nil
|
| global.keycloak.auth.adminPassword | string | Admin password for Keycloak. If not set, an existing secret must be provided instead via existingSecretName and existingSecretkey. | nil
|
| global.keycloak.auth.adminUser | string | Admin username for Keycloak. | "admin"
|
| global.keycloak.auth.existingSecretName | string | Name of an existing secret containing the admin password for Keycloak. if set existingSecretkey must be set too. If not set, adminPassword must be provided. | nil
|
| global.keycloak.auth.existingSecretkey | string | The key containing the password inside existingSecretName. If not set, adminPassword must be provided. | nil
|
| global.keycloak.host | string | Hostname to be used for Keycloak. | nil
|
| global.postgresql.auth.existingSecret | string | If desired, supply the name of an existing secret containing the database password instead of supplying the password under postgresPassword. | nil
|
| global.postgresql.auth.postgresPassword | string | Password for the postgres admin user. Used for authentication with the PostgreSQL instance and inherited by the postgresql sub-chart to configure the postgres user. | "postgres"
|
| global.postgresql.auth.secretKeys.adminPasswordKey | string | If you have supplied an existing secret, provide the name of the key under which the password is stored. | "postgres-password"
|
| global.postgresql.database | string | The database which should be used on the postgres instance. | "keycloak"
|
| global.postgresql.host | string | Hostname of the PostgreSQL instance to be used. | "eggplant-iam-postgres"
|
| global.postgresql.port | int | Port of the PostgreSQL instance to be used. | 5432
|
| global.postgresql.username | string | The username of the postgres user. | "postgres"
|
| image.name | string | The image name. | "keycloak-server"
|
| image.pullPolicy | string | Image pull policy. | "IfNotPresent"
|
| image.repository | string | The image repository name. | "quay.io/eggplantsoftware"
|
| image.tag | string | Eggplant IAM tag to use. (Should not normally be changed unless directed to by support.) | "6.3.299"
|
| ingress.extraAdminAnnotations | object | Any additional annotations to be added to the admin ingress. | {}
|
| ingress.extraAnnotations | object | Any additional annotations to be added to the main ingress. | {}
|
| ingress.tls.secretName | string | An existing secret containing the TLS cert and key for the ingress. Note these must use keys named tls.crt and tls.key. Takes precedence over global.ingress.tls. If neither is set, TLS will not be enabled. | nil
|
| metrics.enabled | bool | Flag to enable metrics from the Keycloak server. | false
|
| metrics.serviceMonitor.namespace | string | Namespace to create the service monitor. Will default to the installation namespace. | nil
|
| metrics.serviceMonitor.scrapeInterval | string | Scrape interval for metrics. | "30s"
|
| nodeSelector | string | The node selector that will be applied to the Keycloak pod. | nil
|
| podSecurityContext | object | The pod Security Context. | {"seccompProfile":{"type":"RuntimeDefault"}}
|
| postgresql.enabled | bool | Should a PostgreSQL pod be launched in addition to the Eggplant IAM container itself. | true
|
| postgresql.image.registry | string | | "docker.io"
|
| postgresql.image.repository | string | | "library/postgres"
|
| postgresql.image.tag | float | | 17.6
|
| replicas | int | The number of Keycloak replicas that should be run. | 1
|
| resources.limits.memory | string | The Keycloak pod memory limits. | "786Mi"
|
| resources.requests.cpu | string | The Keycloak pod CPU requests. | "500m"
|
| resources.requests.memory | string | The Keycloak pod memory requests. | "786Mi"
|
| serviceAccount.annotations | object | If serviceAccount.create=True, supply any additional annotations to be added to the service account. | {}
|
| serviceAccount.create | bool | Should the service account be created by the Helm chart. | true
|
| serviceAccount.name | string | If serviceAccount.create=False, supply the name of an existing service account. | ""
|
| terminationGracePeriodSeconds | int | Grace period before the Keycloak pod is terminated. | 30
|