---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: keycloak
  namespace: auth-system
spec:
  chart: oci://registry-1.docker.io/bitnamicharts/keycloak
  valuesContent: |-
    global:
      storageClass: longhorn
    clusterDomain: k3s.tyil.nl
    externalDatabase:
      existingSecret: keycloak-database
      existingSecretHostKey: host
      existingSecretPortKey: port
      existingSecretUserKey: user
      existingSecretDatabaseKey: database
      existingSecretPasswordKey: password
    extraEnvVars:
    - name: KC_HOSTNAME_URL
      value: "https://keycloak.tyil.nl"
    - name: KC_HOSTNAME_ADMIN_URL
      value: "https://keycloak.tyil.nl"
    - name: KC_PROXY
      value: "edge"
    resources:
      requests:
        cpu: 100m
        memory: 512Mi
      limits:
        cpu: 200m
        memory: 1024Mi
    ingress:
      enabled: true
      certManager: true
      tls: true
      hostname: keycloak.tyil.nl
      annotations:
        cert-manager.io/cluster-issuer: "letsencrypt-production"
        traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
      ingressClassName: traefik
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
    postgresql:
      enabled: false
...