kubernetes/namespaces/tooling/keycloak/configmap.yaml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

apiVersion: v1
kind: ConfigMap
metadata:
  name: keycloak-config-env
  namespace: tooling
data:
  # Set the hostname for outbound traffic and enable the feature to read that
  # environment variable
  KC_HOSTNAME: "id.pydis.wtf"

  # Set the location of the TLS certificates generated by Vault
  KC_HTTPS_CERTIFICATE_FILE: "/vault/secrets/server.crt"
  KC_HTTPS_CERTIFICATE_KEY_FILE: "/vault/secrets/server.key"

  # Proxy settings
  KC_PROXY_HEADERS: "xforwarded"

  # Database configuration
  KC_DB: "postgres"
  KC_DB_USERNAME: "keycloak"
  KC_DB_URL_DATABASE: "keycloak"
  KC_DB_URL_HOST: "lovelace.box.pydis.wtf"

  # Trusted cert for the connection to the LDAP server
  KC_TRUSTSTORE_PATHS: "/opt/pydis/ca-store/pydis-ipa-cert.pem"