Last active
August 9, 2022 12:51
-
-
Save jxsl13/39fb3f86b11b63857971633223938b62 to your computer and use it in GitHub Desktop.
Example helm chart values for bitnami/keycloak (Integration tests)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global: | |
| imageRegistry: docker.io | |
| imagePullSecrets: [] | |
| image: | |
| repository: bitnami/keycloak | |
| tag: 18.0.1-debian-11-r2 | |
| auth: | |
| adminUser: admin | |
| adminPassword: password | |
| proxy: none | |
| service: | |
| type: ClusterIP | |
| existingConfigmap: "" | |
| extraStartupArgs: "" | |
| initdbScripts: {} | |
| initdbScriptsConfigMap: "" | |
| extraEnvVarsCM: [] | |
| extraEnvVarsSecret: "" | |
| extraEnvVars: | |
| - name: LOGGING_LEVEL_ROOT | |
| value: INFO | |
| extraVolumeMounts: "" | |
| extraVolumes: "" | |
| resources: | |
| limits: | |
| memory: 1Gi | |
| cpu: 400m | |
| requests: | |
| memory: 256Mi | |
| cpu: 50m | |
| postgresql: | |
| enabled: false | |
| externalDatabase: | |
| host: "postgres-postgresql" | |
| port: "5432" | |
| user: "user" | |
| password: "password" | |
| database: "keycloak" | |
| keycloakConfigCli: | |
| enabled: true | |
| backoffLimit: 1 | |
| image: | |
| registry: docker.io | |
| pullPolicy: IfNotPresent | |
| pullSecrets: [] | |
| repository: bitnami/keycloak-config-cli | |
| tag: 5.2.1-debian-11-r2 | |
| # https://downloads.bitnami.com/files/stacksmith/keycloak-config-cli-5.2.1-0-linux-amd64-debian-11.tar.gz | |
| # content of the link above | |
| command: | |
| - java | |
| - -jar | |
| - /opt/bitnami/keycloak-config-cli/keycloak-config-cli-18.0.1.jar | |
| args: [] | |
| extraEnvVars: | |
| - name: KEYCLOAK_AVAILABILITYCHECK_TIMEOUT | |
| value: 300s | |
| extraEnvVarsCM: "" | |
| extraEnvVarsSecret: "" | |
| extraVolumes: [] | |
| extraVolumeMounts: [] | |
| # https://github.com/bitnami/charts/issues/10034#issuecomment-1119342683 | |
| # do not try to overwrite existing realms like master realm, use a completely new realm | |
| # https://github.com/adorsys/keycloak-config-cli/tree/main/src/test/resources/import-files | |
| configuration: | |
| realm.json: |- | |
| { | |
| "enabled": true, | |
| "realm": "development", | |
| "roles": | |
| { | |
| "client": | |
| { | |
| "svc-application": | |
| [ | |
| { | |
| "name": "admin", | |
| "description": "admin, allowed to use and manage the application", | |
| "composite": false, | |
| "clientRole": true, | |
| }, | |
| { | |
| "name": "user", | |
| "description": "user, allowed to use the api", | |
| "composite": false, | |
| "clientRole": true, | |
| }, | |
| ], | |
| }, | |
| }, | |
| "groups": | |
| [ | |
| { | |
| "name": "svc-application-group", | |
| "path": "/svc-application-group", | |
| "subGroups": | |
| [ | |
| { | |
| "name": "svc-application-user", | |
| "path": "/svc-application-group/svc-application-user", | |
| "clientRoles": { "svc-application": ["user"] }, | |
| }, | |
| { | |
| "name": "svc-application-admin", | |
| "path": "/svc-application-group/svc-application-admin", | |
| "clientRoles": { "svc-application": ["admin"] }, | |
| }, | |
| ], | |
| }, | |
| ], | |
| "clients": | |
| [ | |
| { | |
| "clientId": "public", | |
| "enabled": true, | |
| "standardFlowEnabled": false, | |
| "directAccessGrantsEnabled": true, | |
| "publicClient": true, | |
| }, | |
| { | |
| "clientId": "svc-application", | |
| "secret": "secret", | |
| "surrogateAuthRequired": false, | |
| "enabled": true, | |
| "alwaysDisplayInConsole": false, | |
| "clientAuthenticatorType": "client-secret", | |
| "redirectUris": [], | |
| "webOrigins": [], | |
| "notBefore": 0, | |
| "bearerOnly": false, | |
| "consentRequired": false, | |
| "standardFlowEnabled": false, | |
| "implicitFlowEnabled": false, | |
| "directAccessGrantsEnabled": true, | |
| "serviceAccountsEnabled": true, | |
| "authorizationServicesEnabled": true, | |
| "publicClient": false, | |
| "frontchannelLogout": false, | |
| "protocol": "openid-connect", | |
| "attributes": | |
| { | |
| "saml.force.post.binding": "false", | |
| "saml.multivalued.roles": "false", | |
| "frontchannel.logout.session.required": "false", | |
| "oauth2.device.authorization.grant.enabled": "true", | |
| "backchannel.logout.revoke.offline.tokens": "false", | |
| "saml.server.signature.keyinfo.ext": "false", | |
| "use.refresh.tokens": "true", | |
| "oidc.ciba.grant.enabled": "false", | |
| "backchannel.logout.session.required": "true", | |
| "client_credentials.use_refresh_token": "false", | |
| "require.pushed.authorization.requests": "false", | |
| "saml.client.signature": "false", | |
| "saml.allow.ecp.flow": "false", | |
| "id.token.as.detached.signature": "false", | |
| "saml.assertion.signature": "false", | |
| "client.secret.creation.time": "1656682818", | |
| "saml.encrypt": "false", | |
| "saml.server.signature": "false", | |
| "exclude.session.state.from.auth.response": "false", | |
| "saml.artifact.binding": "false", | |
| "saml_force_name_id_format": "false", | |
| "acr.loa.map": "{}", | |
| "tls.client.certificate.bound.access.tokens": "false", | |
| "saml.authnstatement": "false", | |
| "display.on.consent.screen": "false", | |
| "token.response.type.bearer.lower-case": "false", | |
| "saml.onetimeuse.condition": "false", | |
| }, | |
| "authenticationFlowBindingOverrides": {}, | |
| "fullScopeAllowed": true, | |
| "nodeReRegistrationTimeout": -1, | |
| "protocolMappers": | |
| [ | |
| { | |
| "name": "Client ID", | |
| "protocol": "openid-connect", | |
| "protocolMapper": "oidc-usersessionmodel-note-mapper", | |
| "consentRequired": false, | |
| "config": | |
| { | |
| "user.session.note": "clientId", | |
| "id.token.claim": "true", | |
| "access.token.claim": "true", | |
| "claim.name": "clientId", | |
| "jsonType.label": "String", | |
| }, | |
| }, | |
| { | |
| "name": "Client Host", | |
| "protocol": "openid-connect", | |
| "protocolMapper": "oidc-usersessionmodel-note-mapper", | |
| "consentRequired": false, | |
| "config": | |
| { | |
| "user.session.note": "clientHost", | |
| "id.token.claim": "true", | |
| "access.token.claim": "true", | |
| "claim.name": "clientHost", | |
| "jsonType.label": "String", | |
| }, | |
| }, | |
| { | |
| "name": "Client IP Address", | |
| "protocol": "openid-connect", | |
| "protocolMapper": "oidc-usersessionmodel-note-mapper", | |
| "consentRequired": false, | |
| "config": | |
| { | |
| "user.session.note": "clientAddress", | |
| "id.token.claim": "true", | |
| "access.token.claim": "true", | |
| "claim.name": "clientAddress", | |
| "jsonType.label": "String", | |
| }, | |
| }, | |
| ], | |
| "defaultClientScopes": | |
| ["web-origins", "acr", "roles", "profile", "email"], | |
| "optionalClientScopes": | |
| ["address", "phone", "offline_access", "microprofile-jwt"], | |
| }, | |
| ], | |
| "users": | |
| [ | |
| { | |
| "username": "service-account-svc-application", | |
| "enabled": true, | |
| "serviceAccountClientId": "svc-application", | |
| "realmRoles": ["default-roles-development"], | |
| "clientRoles": { "svc-application": ["uma_protection"] }, | |
| "notBefore": 0, | |
| }, | |
| { | |
| "username": "user", | |
| "email": "[email protected]", | |
| "enabled": true, | |
| "firstName": "user first name", | |
| "lastName": "user last name", | |
| "credentials": [{ "type": "password", "value": "password" }], | |
| "groups": ["/svc-application-group/svc-application-user"], | |
| }, | |
| { | |
| "username": "admin", | |
| "email": "[email protected]", | |
| "enabled": true, | |
| "firstName": "admin first name", | |
| "lastName": "admin last name", | |
| "credentials": [{ "type": "password", "value": "password" }], | |
| "groups": ["/svc-application-group/svc-application-admin"], | |
| }, | |
| { | |
| "username": "guest", | |
| "email": "[email protected]", | |
| "enabled": true, | |
| "firstName": "guest first name", | |
| "lastName": "guest last name", | |
| "credentials": [{ "type": "password", "value": "password" }], | |
| }, | |
| ], | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment