apiVersion: v1
kind: ConfigMap
metadata:
  name: keycloak-config-env
  namespace: tooling
data:
  # Set the hostname for outbound traffic and enable the feature to read that
  # environment variable
  KC_HOSTNAME: "id.pydis.wtf"

  # Set the location of the TLS certificates generated by Vault
  # KC_HTTPS_CERTIFICATE_FILE: "/vault/secrets/server.crt"
  # KC_HTTPS_CERTIFICATE_KEY_FILE: "/vault/secrets/server.key"

  # Proxy settings
  KC_HTTP_ENABLED: "true"
  KC_PROXY_HEADERS: "xforwarded"

  # Database configuration
  KC_DB: "postgres"
  KC_DB_USERNAME: "keycloak"
  KC_DB_URL_DATABASE: "keycloak"
  KC_DB_URL_HOST: "lovelace.box.pydis.wtf"

  # Trusted cert for the connection to the LDAP server
  KC_TRUSTSTORE_PATHS: "/opt/pydis/ca-store/pydis-ipa-cert.pem"