manifests/values/keycloak/values-prod.yaml

# Deployment shape of the production Keycloak release: two replicas, production
# mode on, proxy mode `edge`.
# NOTE(review): the chart that consumes these keys is not shown here. With
# `proxy: edge` TLS presumably ends at the ingress (the ingress below uses
# backend-protocol HTTP), so forwarded headers are trusted - confirm the pods
# are reachable only through that ingress.
replicaCount: 2
production: true
proxy: 'edge'
# Keycloak bootstrap accounts (admin and management user).
auth:
  # SECURITY: the admin password is committed in clear text, so everyone with
  # read access to this repository or its history can read it. `existingSecret`
  # is empty, i.e. no Kubernetes Secret is referenced for this credential, unlike
  # the database credentials under `externalDatabase`. Move the password into a
  # Secret (sealed/external secret), reference it through `existingSecret`, and
  # rotate the value that has been exposed here.
  adminUser: admin
  adminPassword: 'en to tre fire'
  existingSecret: ''
  managementUser: manager
  managementPassword: ''
# Database wiring: the bundled PostgreSQL is switched off and Keycloak is
# pointed at an external database host instead.
postgresql:
  enabled: false
externalDatabase:
  host: prod-keycloak-db-rw
  port: 5432
  database: app
  # Credentials are not inlined: they are looked up in the named Secret, under
  # the two keys given below (user name and password).
  existingSecret: prod-keycloak-db-app
  existingSecretUserKey: username
  existingSecretPasswordKey: password
# Scratch volume for the custom theme: an emptyDir named `theme`, mounted into
# the Keycloak container at the theme path below. The init container declared
# under `initContainers` mounts the same volume and fills it.
extraVolumes:
  - name: theme
    emptyDir: {}
extraVolumeMounts:
  - name: theme
    mountPath: /opt/bitnami/keycloak/themes/oceanbox
# Public ingress for auth.oceanbox.io (nginx class, TLS via cert-manager).
# NOTE(review): `path: /` publishes every Keycloak path on this host, and the
# separate `adminIngress` (restricted to private source ranges) is disabled, so
# the admin console is presumably reachable here too - confirm that this is
# intended or restrict the admin paths.
ingress:
  enabled: true
  ingressClassName: nginx
  hostname: auth.oceanbox.io
  path: /
  pathType: ImplementationSpecific
  servicePort: http
  tls: true
  selfSigned: false
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
    nginx.ingress.kubernetes.io/backend-protocol: HTTP
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
    # NOTE(review): CORS is enabled without a cors-allow-origin annotation;
    # ingress-nginx then answers with its default allowed origin `*`. On an
    # identity provider, prefer an explicit origin list here, or leave CORS to
    # Keycloak's per-client web origins.
    nginx.ingress.kubernetes.io/enable-cors: 'true'
# Separate ingress for the admin hostname. Disabled in this file; when enabled
# it accepts clients only from the three RFC 1918 private ranges listed in the
# source-range annotation.
adminIngress:
  enabled: false
  ingressClassName: nginx
  hostname: keycloak.adm.oceanbox.io
  path: /
  pathType: ImplementationSpecific
  servicePort: http
  tls: true
  selfSigned: false
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
    nginx.ingress.kubernetes.io/backend-protocol: HTTP
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
    nginx.ingress.kubernetes.io/enable-cors: 'true'
    # NOTE(review): newer ingress-nginx releases name this annotation
    # `allowlist-source-range`; verify which spelling the installed controller
    # honours, because an ignored annotation leaves the host unrestricted. The
    # check is only meaningful if the controller sees the real client address.
    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
# Realm import through keycloak-config-cli. Disabled in this file; the embedded
# document would set the master realm's `frontendUrl` attribute to the admin
# hostname. The JSON is a literal block scalar, so comments must stay outside it.
keycloakConfigCli:
  enabled: false
  configuration:
    master.json: |
      {
        "realm" : "master",
        "attributes": {
          "frontendUrl": "https://keycloak.adm.oceanbox.io"
        }
      }
# Init container that copies the custom theme from the image's /theme directory
# into the shared `theme` volume. The value is a literal block scalar (a string),
# so comments must stay outside it.
# SECURITY (supply chain): the image is referenced by a mutable tag (`1.2`) with
# `imagePullPolicy: Always`, so whatever is published under that tag at pod
# start is what runs in the production pod. Pin the reviewed build by digest
# (`<image>@sha256:<digest>`) so a re-pushed tag cannot change the content.
initContainers: |
  - name: keycloak-theme-provider
    image: docker.io/juselius/oceanbox-theme:1.2
    imagePullPolicy: Always
    command:
      - sh
    args:
      - -c
      - |
        echo "Copying theme..."
        cp -R /theme/* /keycloak/themes/oceanbox
    volumeMounts:
      - name: theme
        mountPath: /keycloak/themes/oceanbox
# Service account for the Keycloak pods: created by the release, with the API
# token mounted (both automount flags are true).
# NOTE(review): nothing in this file shows Keycloak calling the Kubernetes API.
# If it does not need to, set both flags to false so a compromised pod holds no
# API credential - confirm against the chart's clustering/discovery settings.
serviceAccount:
  create: true
  automountServiceAccountToken: true
automountServiceAccountToken: true
extraDeploy:
- apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: prod-keycloak-db
namespace: keycloak
spec:
instances: 2
imageName: ghcr.io/cloudnative-pg/postgresql:17.2-27-bookworm
storage:
resizeInUseVolumes: true
size: 10Gi
backup:
retentionPolicy: 60d
target: prefer-standby