Skip to content

Commit

Permalink
chore: add readme
Browse files Browse the repository at this point in the history
  • Loading branch information
@aaronschweig
aaronschweig committed Feb 1, 2025
1 parent 1d44d9e commit ca0a0ab
Showing 1 changed file with 84 additions and 0 deletions.
84 changes: 84 additions & 0 deletions charts/keycloak/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
# keycloak

A Helm chart to deploy keycloak as OIDC provider in openmfp

![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)

## Requirements

| Repository | Name | Description | Sources |
|------------|------|-------------|---------|
| `oci://registry-1.docker.io/bitnamicharts` | `keycloak` | The open source bitnami keycloak chart to deploy keycloak. | [source](https://github.com/bitnami/charts/tree/main/bitnami/keycloak) |
| `oci://ghcr.io/openmfp/helm-charts` | `common` | The `common` chart is a library of common resources that are shared across all other charts in the repository. It has no templates, but provides helm template functions and [default values](https://github.com/openmfp/helm-charts/blob/main/charts/common/values.yaml) that can be used by other charts. |[source](https://github.com/openmfp/helm-charts/tree/main/charts/common)|
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| crossplane.clients.openmfp.name | string | `"OpenMFP"` | name of the client |
| crossplane.clients.openmfp.validRedirectUris | list | `["http://localhost:8000/callback*"]` | valid redirect uris for the client |
| crossplane.clients.openmfp.validRedirectUris[0] | string | `"http://localhost:8000/callback*"` | keycloak callback url |
| crossplane.enabled | bool | `false` | toggle to enable/disable crossplane |
| crossplane.identityProviders | object | `{}` | |
| crossplane.providerConfig | object | `{"name":"keycloak-provider-config","namespace":"openmfp-system"}` | crossplane provider config |
| crossplane.providerConfig.name | string | `"keycloak-provider-config"` | name of the client |
| crossplane.providerConfig.namespace | string | `"openmfp-system"` | client namespace |
| crossplane.realm | object | `{"displayName":"OpenMFP","name":"openmfp","registrationAllowed":false}` | crossplane realm config |
| crossplane.realm.displayName | string | `"OpenMFP"` | realm display name |
| crossplane.realm.name | string | `"openmfp"` | realm name |
| crossplane.realm.registrationAllowed | bool | `false` | realm registration allowed |
| crossplane.trustedAudiences | list | `[]` | |
| debug | bool | `false` | debug mode |
| domain | object | `{"name":"openmfp.org","pathPrefix":""}` | domain configuration |
| domain.name | string | `"openmfp.org"` | domain name |
| domain.pathPrefix | string | `""` | path prefix |
| externalSecrets | object | `{"keycloakAdminRemoteRef":"","postgres-adminRemoteRef":""}` | external secrets configuration |
| externalSecrets.keycloakAdminRemoteRef | string | `""` | keycloak admin secret |
| externalSecrets.postgres-adminRemoteRef | string | `""` | postgres admin secret |
| istio.virtualservice.hosts | list | `["auth.openmfp.org"]` | istio virtual service hosts |
| job | object | `{"annotations":{"argocd.argoproj.io/hook":"PostSync"},"serviceAccount":"keycloak-client-creation"}` | job configuration |
| job.annotations | object | `{"argocd.argoproj.io/hook":"PostSync"}` | custom job annotations |
| job.serviceAccount | string | `"keycloak-client-creation"` | job ServiceAccount name |
| keycloak | object | `{"extraEnvVars":"- name: KEYCLOAK_USER\n value: keycloak-admin\n- name: KEYCLOAK_PASSWORD\n valueFrom:\n secretKeyRef:\n name: keycloak-admin\n key: secret\n","postgresql":{"auth":{"existingSecret":"","secretKeys":{"adminPasswordKey":"password","userPasswordKey":"password"}}}}` | configuration passed to the child 'keyclaok' chart https://github.com/bitnami/charts/tree/main/bitnami/keycloak |
| keycloak.extraEnvVars | string | `"- name: KEYCLOAK_USER\n value: keycloak-admin\n- name: KEYCLOAK_PASSWORD\n valueFrom:\n secretKeyRef:\n name: keycloak-admin\n key: secret\n"` | keycloak environment variables (raw) |
| keycloak.postgresql | object | `{"auth":{"existingSecret":"","secretKeys":{"adminPasswordKey":"password","userPasswordKey":"password"}}}` | configuration for the postgresql sub-chart |
| keycloak.postgresql.auth | object | `{"existingSecret":"","secretKeys":{"adminPasswordKey":"password","userPasswordKey":"password"}}` | authorization configuration |
| keycloak.postgresql.auth.existingSecret | string | `""` | existing secret name |
| keycloak.postgresql.auth.secretKeys.adminPasswordKey | string | `"password"` | admin password key |
| keycloak.postgresql.auth.secretKeys.userPasswordKey | string | `"password"` | user password key |
| keycloakConfig.admin | object | `{"password":{"valueFrom":{"secretKeyRef":{"key":"secret","name":"keycloak-admin"}}},"username":{"value":"keycloak-admin"}}` | admin user configuration |
| keycloakConfig.admin.password | object | `{"valueFrom":{"secretKeyRef":{"key":"secret","name":"keycloak-admin"}}}` | admin password |
| keycloakConfig.admin.password.valueFrom.secretKeyRef.key | string | `"secret"` | key of the password in the secret |
| keycloakConfig.admin.password.valueFrom.secretKeyRef.name | string | `"keycloak-admin"` | name of the secret containing the password |
| keycloakConfig.admin.username.value | string | `"keycloak-admin"` | username |
| keycloakConfig.client | object | `{"name":"openmfp","targetSecret":{"name":"portal-client-secret-openmfp","namespace":"openmfp-system"},"tokenLifespan":3600}` | client configuration |
| keycloakConfig.client.name | string | `"openmfp"` | client name |
| keycloakConfig.client.targetSecret | object | `{"name":"portal-client-secret-openmfp","namespace":"openmfp-system"}` | target secret options |
| keycloakConfig.client.targetSecret.name | string | `"portal-client-secret-openmfp"` | secret name |
| keycloakConfig.client.targetSecret.namespace | string | `"openmfp-system"` | secret namespace |
| keycloakConfig.client.tokenLifespan | int | `3600` | token lifespan |
| keycloakConfig.realm | object | `{"name":"master"}` | realm configuration |
| keycloakConfig.realm.name | string | `"master"` | realm name |
| keycloakConfig.redirectUrls | list | `[]` | redirect urls |
| keycloakConfig.url | string | `"http://keycloak-http.openmfp-system.svc.cluster.local:8080"` | url of the keycloak server |
| keycloakConfig.userRegistration.enabled | bool | `true` | toggle to enable/disable user registration |
| service | object | `{"name":"keycloak","port":8080}` | service configuration |
| service.name | string | `"keycloak"` | service name |
| service.port | int | `8080` | service port |

## Overriding Values

The values in the `defaults:` section can be reused from other charts by using the lookup function "common.getKeyValue". It implements lookup on three levels:

1. Looks for `keyOverride` in the chart's values.yaml
2. Looks for `global.key` in the chart's or parent chart's values.yaml
3. Uses the `key` in the chart's values.yaml
4. Uses the `common.defaults.key` value from the table below.

1 has precedence over 2 over 3 over 4 respectively. This approach allows for individual charts to have minimal configuration, while still being able to override parameters locally.

Example
```
1) .Values.deployment.resources.limits.memoryOverride = 4096MB
2) .Values.global.deployment.resources.limits.memory = 2048MB
3) .Values.deployment.resources.limits.memory = 1024MB
4) .Values.common.defaults.deployment.resources.limits.memory = default 512MB
```

0 comments on commit ca0a0ab

Please sign in to comment.