buun-stack/keycloak/keycloak-values.gomplate.yaml

global:
  security:
    allowInsecureImages: true

production: true

# Enable HTTP for health checks in production mode
extraEnvVars:
  - name: KC_HTTP_ENABLED
    value: "true"

auth:
  adminUser: {{ .Env.KEYCLOAK_ADMIN_USER }}
  existingSecret: keycloak-credentials
  passwordSecretKey: password

postgresql:
  enabled: false

externalDatabase:
  host: postgres-cluster-rw.postgres
  port: 5432
  database: keycloak
  existingSecret: database-config
  existingSecretUserKey: user
  existingSecretPasswordKey: password

tls:
  enabled: true
  autoGenerated:
    enabled: true
    engine: helm

# Keycloak pod may not start with the default memory limits
resources:
  limits:
    memory: 2Gi
  requests:
    memory: 1.5Gi

image:
  registry: docker.io
  repository: bitnamilegacy/keycloak
  # tag: 26.0.5-debian-12-r0
  # debug: true

# logging:
#   level: DEBUG

ingress:
  enabled: true
  ingressClassName: traefik
  hostname: {{ .Env.KEYCLOAK_HOST }}
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
  tls: true