replicas: 1

image:
  repository: quay.io/keycloak/keycloak
  tag: "26.5.6"

command:
  - "/opt/keycloak/bin/kc.sh"
  - "start"
  - "--http-port=8080"
  - "--hostname-strict=false"
  - "--proxy-headers=xforwarded"

extraEnvFrom: |
  - secretRef:
      name: keycloak-creds

extraEnv: |
  - name: KC_HOSTNAME
    value: auth.hexor.cy
  - name: JAVA_OPTS_APPEND
    value: "-Djgroups.dns.query=keycloak-headless.keycloak.svc"

dbchecker:
  enabled: true

database:
  vendor: postgres
  hostname: psql.psql.svc
  port: 5432
  database: keycloak
  existingSecret: keycloak-creds
  existingSecretKey: KC_DB_PASSWORD

service:
  type: ClusterIP

ingress:
  enabled: true
  ingressClassName: traefik
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
  rules:
    - host: auth.hexor.cy
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: keycloak-tls
      hosts:
        - auth.hexor.cy

resources:
  requests:
    cpu: 200m
    memory: 512Mi
  limits:
    cpu: "1"
    memory: 1Gi

nodeSelector:
  kubernetes.io/hostname: master.tail2fe2d.ts.net

tolerations:
  - key: node-role.kubernetes.io/master
    effect: NoSchedule