# Bitnami Keycloak Helm Chart Values
# Host: id.forteapps.net
# Chart version: 25.2.0

image:
  repository: bitnamilegacy/keycloak

production: true
proxyHeaders: xforwarded

auth:
  adminUser: admin
  existingSecret: keycloak-credentials
  passwordSecretKey: admin-password

ingress:
  enabled: true
  hostname: id.forteapps.net
  tls: true
  ingressClassName: traefik
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod

metrics:
  enabled: true
  prometheusRule:
    namespace: monitoring
    enabled: true

resources:
  requests:
    cpu: 250m
    memory: 512Mi
  limits:
    cpu: 500m
    memory: 1Gi

postgresql:
  enabled: true
  image:
    repository: bitnamilegacy/postgresql
  auth:
    existingSecret: keycloak-credentials
    secretKeys:
      adminPasswordKey: postgres-password
      userPasswordKey: password
    username: bn_keycloak
    database: bitnami_keycloak
  primary:
    persistence:
      size: 8Gi

keycloakConfigCli:
  enabled: true
  image:
    repository: bitnamilegacy/keycloak-config-cli
  configuration:
    forte-realm.json: |
      {
        "realm": "forte",
        "enabled": true,
        "displayName": "Forte",
        "sslRequired": "external",
        "registrationAllowed": false,
        "loginWithEmailAllowed": true,
        "resetPasswordAllowed": true,
        "rememberMe": true,
        "clients": [
          {
            "clientId": "gitea",
            "name": "Gitea",
            "enabled": true,
            "protocol": "openid-connect",
            "clientAuthenticatorType": "client-secret",
            "secret": "382ed413580cb79d0f54813e5da87007b28fe766a8903d378b9e1c266405a784",
            "standardFlowEnabled": true,
            "directAccessGrantsEnabled": false,
            "publicClient": false,
            "redirectUris": ["https://git.forteapps.net/*"],
            "webOrigins": ["https://git.forteapps.net"],
            "defaultClientScopes": ["openid", "email", "profile"]
          }
        ]
      }