k8s/core/keycloak/values.yaml

replicas: 1

image:
  repository: quay.io/keycloak/keycloak
  tag: "26.5.6"

command:
  - "/opt/keycloak/bin/kc.sh"
  - "start"
  - "--http-port=8080"
  - "--hostname-strict=false"
  - "--proxy-headers=xforwarded"

extraEnvFrom: |
  - secretRef:
      name: keycloak-creds

extraEnv: |
  - name: KC_HOSTNAME
    value: auth.hexor.cy
  - name: JAVA_OPTS_APPEND
    value: "-Djgroups.dns.query=keycloak-headless.keycloak.svc"

dbchecker:
  enabled: true

database:
  vendor: postgres
  hostname: psql.psql.svc
  port: 5432
  database: keycloak
  existingSecret: keycloak-creds
  existingSecretKey: KC_DB_PASSWORD

service:
  type: ClusterIP

ingress:
  enabled: true
  ingressClassName: traefik
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
  rules:
    - host: auth.hexor.cy
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: keycloak-tls
      hosts:
        - auth.hexor.cy

resources:
  requests:
    cpu: 200m
    memory: 512Mi
  limits:
    cpu: "1"
    memory: 1Gi

nodeSelector:
  kubernetes.io/hostname: master.tail2fe2d.ts.net

tolerations:
  - key: node-role.kubernetes.io/master
    effect: NoSchedule
Added keycloak 2026-05-04 17:30:34 +01:00			`replicas: 1`

			`image:`
			`repository: quay.io/keycloak/keycloak`
			`tag: "26.5.6"`

			`command:`
			`- "/opt/keycloak/bin/kc.sh"`
			`- "start"`
			`- "--http-port=8080"`
			`- "--hostname-strict=false"`
			`- "--proxy-headers=xforwarded"`

			`extraEnvFrom: \|`
			`- secretRef:`
			`name: keycloak-creds`

			`extraEnv: \|`
			`- name: KC_HOSTNAME`
			`value: auth.hexor.cy`
			`- name: JAVA_OPTS_APPEND`
			`value: "-Djgroups.dns.query=keycloak-headless.keycloak.svc"`

			`dbchecker:`
			`enabled: true`

			`database:`
			`vendor: postgres`
			`hostname: psql.psql.svc`
			`port: 5432`
			`database: keycloak`
			`existingSecret: keycloak-creds`
			`existingSecretKey: KC_DB_PASSWORD`

			`service:`
			`type: ClusterIP`

			`ingress:`
			`enabled: true`
			`ingressClassName: traefik`
			`annotations:`
			`cert-manager.io/cluster-issuer: letsencrypt`
			`traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd`
			`rules:`
			`- host: auth.hexor.cy`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`tls:`
			`- secretName: keycloak-tls`
			`hosts:`
			`- auth.hexor.cy`

			`resources:`
			`requests:`
			`cpu: 200m`
			`memory: 512Mi`
			`limits:`
			`cpu: "1"`
			`memory: 1Gi`

			`nodeSelector:`
			`kubernetes.io/hostname: master.tail2fe2d.ts.net`

			`tolerations:`
			`- key: node-role.kubernetes.io/master`
			`effect: NoSchedule`