forked from eclipse-tractusx/portal-iam
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvalues.yaml
203 lines (202 loc) · 7.88 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
###############################################################
# Copyright (c) 2022 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Apache License, Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0.
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# SPDX-License-Identifier: Apache-2.0
###############################################################
keycloak:
auth:
adminUser: admin
# -- sharedidp Keycloak administrator password.
adminPassword: ""
# -- Secret containing the password for admin username 'admin'.
existingSecret: ""
# -- Run Keycloak in production mode. TLS configuration is required except when using proxy=edge.
production: false
# -- Setting the path relative to '/' for serving resources:
# as we're migrating from 16.1.1 version which was using the trailing 'auth', we're setting it to '/auth/'.
# ref: https://www.keycloak.org/migration/migrating-to-quarkus#_default_context_path_changed
httpRelativePath: /auth/
replicaCount: 1
extraVolumes:
- name: themes-catenax-shared
emptyDir: {}
- name: themes-catenax-shared-portal
emptyDir: {}
extraVolumeMounts:
- name: themes-catenax-shared
mountPath: /opt/bitnami/keycloak/themes/catenax-shared
- name: themes-catenax-shared-portal
mountPath: /opt/bitnami/keycloak/themes/catenax-shared-portal
initContainers:
- name: import
image: docker.io/tractusx/portal-iam:v4.0.0
imagePullPolicy: IfNotPresent
command:
- sh
args:
- -c
- |
echo "Copying themes-catenax-shared..."
cp -R /import/themes/catenax-shared/* /themes-catenax-shared
echo "Copying themes-catenax-shared-portal..."
cp -R /import/themes/catenax-shared-portal/* /themes-catenax-shared-portal
volumeMounts:
- name: themes-catenax-shared
mountPath: /themes-catenax-shared
- name: themes-catenax-shared-portal
mountPath: /themes-catenax-shared-portal
service:
sessionAffinity: ClientIP
ingress:
# -- Enable ingress record generation
enabled: false
ingressClassName: ""
# -- Provide default path for the ingress record.
hostname: ""
# -- Optional annotations when using the nginx ingress class;
# Enable TLS configuration for the host defined at `ingress.hostname` parameter;
# TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`;
# Provide the name of ClusterIssuer to acquire the certificate required for this Ingress.
annotations: {}
# cert-manager.io/cluster-issuer: ""
# nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
# nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
# nginx.ingress.kubernetes.io/cors-allow-origin: "https://sharedidp.example.org"
# nginx.ingress.kubernetes.io/enable-cors: "true"
# nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
# nginx.ingress.kubernetes.io/proxy-buffering: "on"
# nginx.ingress.kubernetes.io/proxy-buffers-number: "20"
# nginx.ingress.kubernetes.io/use-regex: "true"
tls: false
rbac:
create: true
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
postgresql:
# -- PostgreSQL chart configuration (recommended for demonstration purposes only);
# default configurations:
# host: "sharedidp-postgresql",
# port: 5432;
# Switch to enable or disable the PostgreSQL helm chart.
enabled: true
# -- Setting to Postgres version 15 as that is the aligned version,
# https://eclipse-tractusx.github.io/docs/release/trg-5/trg-5-07/#aligning-dependency-versions).
# Keycloak helm-chart from Bitnami has moved on to version 16.
image:
tag: 15-debian-11
commonLabels:
app.kubernetes.io/version: "15"
auth:
# -- Non-root username.
username: kcshared
# -- Non-root user password.
password: ""
# -- Root user password.
postgresPassword: ""
# -- Database name.
database: iamsharedidp
# -- Secret containing the passwords for root usernames postgres and non-root username kcshared.
existingSecret: ""
architecture: standalone
externalDatabase:
# -- External PostgreSQL configuration
# IMPORTANT: non-root db user needs needs to be created beforehand on external database.
host: ""
# -- Database port number.
port: 5432
# -- Non-root username.
user: ""
# -- Database name.
database: ""
# -- Password for the non-root username.
password: ""
# -- Secret containing the database credentials.
existingSecret: ""
existingSecretHostKey: ""
existingSecretPortKey: ""
existingSecretUserKey: ""
existingSecretDatabaseKey: ""
existingSecretPasswordKey: ""
# -- Seeding job to create and update the CX-Operator and master realms:
# besides creating those realm, the job can be used to update
# the configuration of the realms when upgrading to a new version;
# Please refer to /docs/admin/technical-documentation/14. Realm Seeding.md for more details.
# Please also refer to the 'Post-Upgrade Configuration' section in the README.md
# for configuration possibly not covered by the seeding job.
realmSeeding:
enabled: true
realms:
cxOperator:
sslRequired: external
# -- Set centralidp address for the connection to the CX-Central realm.
centralidp: https://centralidp.example.org
# -- Configure initial user in CX-Operator realm.
initialUser:
# -- SET username for all non-testing and non-local purposes.
username: cx-operator@tx.org
# -- SET password for all non-testing and non-local purposes, default value is "!3changemeTractus-X".
password: ""
firstName: Operator
lastName: CX Admin
eMail: cx-operator@tx.org
# -- Set mailing configuration for CX-Operator realm.
mailing:
host: smtp.example.org
port: '123'
username: smtp-user
password: ""
from: email@example.org
replyTo: email@example.org
# -- Option to provide an existingSecret for initial user and mailing configuration.
existingSecret: ""
master:
serviceAccounts:
# -- Set clients secret for the service account which enables the portal to provision new realms.
provisioning:
# -- SET client secret for all non-testing and non-local purposes, default value is autogenerated.
clientSecret: ""
# -- Set clients secret for the service account which enables the portal to manage the CX-Operator realm.
saCxOperator:
# -- SET client secret for all non-testing and non-local purposes, default value is autogenerated.
clientSecret: ""
# -- Option to provide an existingSecret for clients secrets with clientId as key and clientSecret as value.
existingSecret: ""
image:
name: docker.io/tractusx/portal-iam-seeding:v4.0.0-iam
pullPolicy: IfNotPresent
initContainer:
image:
name: docker.io/tractusx/portal-iam:v4.0.0
pullPolicy: IfNotPresent
portContainer: 8080
keycloakServicePort: 80
keycloakServiceTls: false
# -- We recommend to review the default resource limits as this should a conscious choice.
resources:
requests:
cpu: 250m
memory: 700M
ephemeral-storage: 50Mi
limits:
cpu: 750m
memory: 700M
ephemeral-storage: 1024Mi