opendesk/helmfile/apps/univention-management-stack/values-ums-keycloak.yaml.gotmpl

{{/*
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-License-Identifier: Apache-2.0
*/}}
---
global:
  domain: {{ .Values.global.domain | quote }}
  hosts:
    {{ .Values.global.hosts | toYaml | nindent 4 }}
  imagePullSecrets:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}

image:
  registry: {{ .Values.global.imageRegistry | default .Values.images.umsKeycloak.registry | quote }}
  repository: {{ .Values.images.umsKeycloak.repository | quote }}
  tag: {{ .Values.images.umsKeycloak.tag | quote }}
  pullPolicy: {{ .Values.global.imagePullPolicy | quote }}

config:
  admin:
    password: {{ .Values.secrets.keycloak.adminPassword | quote }}
  database:
    host: {{ .Values.databases.keycloak.host | quote }}
    port: {{ .Values.databases.keycloak.port }}
    user: {{ .Values.databases.keycloak.username | quote }}
    database: {{ .Values.databases.keycloak.name | quote }}
    password: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser | quote }}
  logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }}
  enableMetrics: true
  # The availability of the admin console is already restricted through the path settings in the Keycloak Extensions
  # Proxy which is used in openDesk. The setting here is just relevant when Keycloak endpoints are exposed directly
  # through an own ingress.
  exposeAdminConsole: false

containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - "ALL"
  seccompProfile:
    type: "RuntimeDefault"
  privileged: false
  readOnlyRootFilesystem: false
  runAsUser: 1000
  runAsGroup: 1000
  runAsNonRoot: true
  seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloak }}

podSecurityContext:
  fsGroup: 1000
  fsGroupChangePolicy: "OnRootMismatch"

theme:
  univentionTheme: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/theme.css"
  univentionCustomTheme: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/css/custom.css"
  favIcon: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/favicon.ico"

replicaCount: {{ .Values.replicas.keycloak }}

resources:
  {{ .Values.resources.umsKeycloak | toYaml | nindent 2 }}

...