---
apiVersion: v1
kind: Namespace
metadata:
  name: keycloak
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: keycloak
  namespace: keycloak
spec:
  interval: 10m
  timeout: 10m
  chart:
    spec:
      chart: keycloakx
      version: "7.1.x"
      sourceRef:
        kind: HelmRepository
        name: codecentric
        namespace: flux-system
  values:
    image:
      repository: quay.io/keycloak/keycloak
      tag: "26.5.5"
    command:
      - "/opt/keycloak/bin/kc.sh"
    args:
      - "start"
      - "--hostname-strict=false"
      - "--http-enabled=true"
      - "--proxy-headers=xforwarded"
    database:
      vendor: postgres
      hostname: pgbouncer.default.svc.cluster.local
      port: 6432
      database: keycloak
      username: keycloak
      existingSecret: keycloak-secrets
      existingSecretKey: db-password
    http:
      relativePath: "/"
    extraEnvFrom: |
      - secretRef:
          name: keycloak-secrets
    ingress:
      enabled: true
      ingressClassName: "traefik"
      annotations:
        cert-manager.io/cluster-issuer: "n0ball-tw-issuer"
      rules:
        - host: keycloak.n0ball.tw
          paths:
            - path: /
              pathType: Prefix
      tls:
        - hosts:
            - keycloak.n0ball.tw
          secretName: keycloak-tls