From f1c4e18c15250ef0565a1c7a508d40992addcae9 Mon Sep 17 00:00:00 2001 From: Gabriel Mainberger Date: Wed, 20 Nov 2024 16:06:02 +0100 Subject: [PATCH] Migration to Keycloak v25 --- class/defaults.yml | 11 +++----- .../keycloakx/templates/ingress.yaml | 4 +-- .../keycloakx/templates/networkpolicy.yaml | 4 +-- .../keycloakx/templates/prometheusrule.yaml | 4 +-- .../keycloakx/templates/service-headless.yaml | 4 +-- .../keycloakx/templates/service-http.yaml | 4 +-- .../keycloakx/templates/serviceaccount.yaml | 4 +-- .../keycloakx/templates/servicemonitor.yaml | 7 +++--- .../keycloakx/templates/statefulset.yaml | 25 ++++++++++++------- .../keycloakx/templates/ingress.yaml | 4 +-- .../keycloakx/templates/networkpolicy.yaml | 4 +-- .../keycloakx/templates/prometheusrule.yaml | 4 +-- .../keycloakx/templates/service-headless.yaml | 4 +-- .../keycloakx/templates/service-http.yaml | 4 +-- .../keycloakx/templates/serviceaccount.yaml | 4 +-- .../keycloakx/templates/servicemonitor.yaml | 7 +++--- .../keycloakx/templates/statefulset.yaml | 25 ++++++++++++------- .../keycloakx/templates/ingress.yaml | 4 +-- .../keycloakx/templates/networkpolicy.yaml | 4 +-- .../keycloakx/templates/prometheusrule.yaml | 4 +-- .../keycloakx/templates/service-headless.yaml | 4 +-- .../keycloakx/templates/service-http.yaml | 4 +-- .../keycloakx/templates/serviceaccount.yaml | 4 +-- .../keycloakx/templates/servicemonitor.yaml | 7 +++--- .../keycloakx/templates/statefulset.yaml | 25 ++++++++++++------- .../keycloakx/templates/ingress.yaml | 4 +-- .../keycloakx/templates/networkpolicy.yaml | 4 +-- .../keycloakx/templates/prometheusrule.yaml | 4 +-- .../keycloakx/templates/service-headless.yaml | 4 +-- .../keycloakx/templates/service-http.yaml | 4 +-- .../keycloakx/templates/serviceaccount.yaml | 4 +-- .../keycloakx/templates/servicemonitor.yaml | 7 +++--- .../keycloakx/templates/statefulset.yaml | 25 ++++++++++++------- 33 files changed, 132 insertions(+), 103 deletions(-) diff --git a/class/defaults.yml b/class/defaults.yml index ecf5e77b..16a1ff0e 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -43,7 +43,7 @@ parameters: keycloak: registry: quay.io repository: keycloak/keycloak - tag: 24.0.5 + tag: 25.0.6 busybox: registry: docker.io repository: busybox @@ -59,7 +59,7 @@ parameters: charts: keycloakx: source: https://codecentric.github.io/helm-charts - version: v2.3.0 + version: 2.5.1 postgresql: source: https://charts.bitnami.com/bitnami version: 12.12.10 @@ -189,6 +189,8 @@ parameters: tag: ${keycloak:images:keycloak:tag} http: relativePath: ${keycloak:relativePath} + # Required because the Keycloak management port is HTTPS by default but the keycloakx helm chart has a default to HTTP + internalScheme: HTTPS replicas: ${keycloak:replicas} statefulsetLabels: ${keycloak:labels} resources: ${keycloak:resources} @@ -197,7 +199,6 @@ parameters: # See https://www.keycloak.org/server/all-config args: - start - - --http-enabled=true # Helm chart requires it currently # extraEnv *MUST* be a string, as it's fed through a templating # function. @@ -286,10 +287,6 @@ parameters: image: repository: ${keycloak:images:busybox:registry}/${keycloak:images:busybox:repository} tag: ${keycloak:images:busybox:tag} - proxy: - enabled: 'true' - mode: ${keycloak:ingress:tls:termination} - metrics: enabled: ${keycloak:monitoring:enabled} database: diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/ingress.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/ingress.yaml index 9a234b21..4bdd3305 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/ingress.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/ingress.yaml @@ -10,8 +10,8 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx namespace: syn-builtin spec: diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml index 635125e7..a9b64b65 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/instance: keycloakx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloakx - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx namespace: syn-builtin spec: diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml index 2c47a07a..f302bc3f 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx namespace: syn-builtin spec: diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml index 00c8b0a2..653a80e7 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: keycloakx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloakx - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx-headless namespace: syn-builtin spec: diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-http.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-http.yaml index 929c5f4b..d205859d 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-http.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-http.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx-http namespace: syn-builtin spec: diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml index 757fcfa8..821f09df 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx namespace: syn-builtin diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml index ec6941c2..b894f4f8 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml @@ -6,15 +6,16 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx-keycloakx namespace: syn-builtin spec: endpoints: - interval: 10s path: /metrics - port: http + port: http-internal + scheme: https scrapeTimeout: 10s selector: matchLabels: diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml index 4eb7060f..ee3b1c98 100644 --- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml +++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: builtin app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx namespace: syn-builtin spec: @@ -56,7 +56,6 @@ spec: containers: - args: - start - - --http-enabled=true env: - name: FOO value: bar @@ -86,23 +85,26 @@ spec: value: /etc/x509/https/tls.crt - name: KC_HTTPS_CERTIFICATE_KEY_FILE value: /etc/x509/https/tls.key + - name: KC_HTTP_ENABLED + value: 'true' - name: KC_HTTP_RELATIVE_PATH value: / - name: KC_METRICS_ENABLED value: 'true' - - name: KC_PROXY - value: reencrypt + - name: KC_PROXY_HEADERS + value: forwarded envFrom: - secretRef: name: keycloak-admin-user - secretRef: name: keycloak-postgresql - image: quay.io/keycloak/keycloak:24.0.5 + image: quay.io/keycloak/keycloak:25.0.6 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /health/live - port: http + port: http-internal + scheme: HTTPS initialDelaySeconds: 0 timeoutSeconds: 5 name: keycloak @@ -110,13 +112,17 @@ spec: - containerPort: 8080 name: http protocol: TCP + - containerPort: 9000 + name: http-internal + protocol: TCP - containerPort: 8443 name: https protocol: TCP readinessProbe: httpGet: path: /health/ready - port: http + port: http-internal + scheme: HTTPS initialDelaySeconds: 10 timeoutSeconds: 1 resources: @@ -133,7 +139,8 @@ spec: failureThreshold: 60 httpGet: path: /health - port: http + port: http-internal + scheme: HTTPS initialDelaySeconds: 15 periodSeconds: 5 timeoutSeconds: 1 diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/ingress.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/ingress.yaml index f8045497..5e4dd5e2 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/ingress.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/ingress.yaml @@ -9,8 +9,8 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx namespace: syn-external spec: diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml index a4f4743b..840fda5c 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/instance: keycloakx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloakx - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx namespace: syn-external spec: diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml index 814a73d6..58ddcca6 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx namespace: syn-external spec: diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml index 82d1ff81..9b433302 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: keycloakx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloakx - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx-headless namespace: syn-external spec: diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-http.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-http.yaml index 5a9f2a0d..1c6cb67c 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-http.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-http.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx-http namespace: syn-external spec: diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml index 0c726b31..0291654e 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx namespace: syn-external diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml index 52d46c96..bec0924b 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml @@ -6,15 +6,16 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx-keycloakx namespace: syn-external spec: endpoints: - interval: 10s path: /metrics - port: http + port: http-internal + scheme: https scrapeTimeout: 10s selector: matchLabels: diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml index c447ef9a..bec75a9f 100644 --- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml +++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: external app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx namespace: syn-external spec: @@ -56,7 +56,6 @@ spec: containers: - args: - start - - --http-enabled=true env: - name: JAVA_OPTS value: -XX:MaxRAMPercentage=50.0 -Djgroups.dns.query=keycloakx-headless @@ -84,23 +83,26 @@ spec: value: /etc/x509/https/tls.crt - name: KC_HTTPS_CERTIFICATE_KEY_FILE value: /etc/x509/https/tls.key + - name: KC_HTTP_ENABLED + value: 'true' - name: KC_HTTP_RELATIVE_PATH value: / - name: KC_METRICS_ENABLED value: 'true' - - name: KC_PROXY - value: passthrough + - name: KC_PROXY_HEADERS + value: forwarded envFrom: - secretRef: name: keycloak-admin-user - secretRef: name: keycloak-postgresql - image: quay.io/keycloak/keycloak:24.0.5 + image: quay.io/keycloak/keycloak:25.0.6 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /health/live - port: http + port: http-internal + scheme: HTTPS initialDelaySeconds: 0 timeoutSeconds: 5 name: keycloak @@ -108,13 +110,17 @@ spec: - containerPort: 8080 name: http protocol: TCP + - containerPort: 9000 + name: http-internal + protocol: TCP - containerPort: 8443 name: https protocol: TCP readinessProbe: httpGet: path: /health/ready - port: http + port: http-internal + scheme: HTTPS initialDelaySeconds: 10 timeoutSeconds: 1 resources: @@ -131,7 +137,8 @@ spec: failureThreshold: 60 httpGet: path: /health - port: http + port: http-internal + scheme: HTTPS initialDelaySeconds: 15 periodSeconds: 5 timeoutSeconds: 1 diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/ingress.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/ingress.yaml index 7add20b8..94dc6f40 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/ingress.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/ingress.yaml @@ -10,8 +10,8 @@ metadata: app.kubernetes.io/instance: openshift-postgres app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx namespace: syn-openshift-postgres spec: diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml index 62e470a8..31110141 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/instance: keycloakx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloakx - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx namespace: syn-openshift-postgres spec: diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml index c7d20def..60e1a3b7 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: openshift-postgres app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx namespace: syn-openshift-postgres spec: diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml index 1ae4346a..814293f6 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: keycloakx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloakx - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx-headless namespace: syn-openshift-postgres spec: diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/service-http.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/service-http.yaml index 8368ceab..ac886b61 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/service-http.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/service-http.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: openshift-postgres app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx-http namespace: syn-openshift-postgres spec: diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml index 9fd592a4..ecb642e6 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: openshift-postgres app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx namespace: syn-openshift-postgres diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml index e1b11625..b8f0853f 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml @@ -6,15 +6,16 @@ metadata: app.kubernetes.io/instance: openshift-postgres app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx-keycloakx namespace: syn-openshift-postgres spec: endpoints: - interval: 10s path: /metrics - port: http + port: http-internal + scheme: https scrapeTimeout: 10s selector: matchLabels: diff --git a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml index 117d18bc..44acda12 100644 --- a/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml +++ b/tests/golden/openshift-postgres/openshift-postgres/openshift-postgres/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: openshift-postgres app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx namespace: syn-openshift-postgres spec: @@ -56,7 +56,6 @@ spec: containers: - args: - start - - --http-enabled=true env: - name: JAVA_OPTS value: -XX:MaxRAMPercentage=50.0 -Djgroups.dns.query=keycloakx-headless @@ -84,23 +83,26 @@ spec: value: /etc/x509/https/tls.crt - name: KC_HTTPS_CERTIFICATE_KEY_FILE value: /etc/x509/https/tls.key + - name: KC_HTTP_ENABLED + value: 'true' - name: KC_HTTP_RELATIVE_PATH value: / - name: KC_METRICS_ENABLED value: 'true' - - name: KC_PROXY - value: reencrypt + - name: KC_PROXY_HEADERS + value: forwarded envFrom: - secretRef: name: keycloak-admin-user - secretRef: name: keycloak-postgresql - image: quay.io/keycloak/keycloak:24.0.5 + image: quay.io/keycloak/keycloak:25.0.6 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /health/live - port: http + port: http-internal + scheme: HTTPS initialDelaySeconds: 0 timeoutSeconds: 5 name: keycloak @@ -108,13 +110,17 @@ spec: - containerPort: 8080 name: http protocol: TCP + - containerPort: 9000 + name: http-internal + protocol: TCP - containerPort: 8443 name: https protocol: TCP readinessProbe: httpGet: path: /health/ready - port: http + port: http-internal + scheme: HTTPS initialDelaySeconds: 10 timeoutSeconds: 1 resources: @@ -131,7 +137,8 @@ spec: failureThreshold: 60 httpGet: path: /health - port: http + port: http-internal + scheme: HTTPS initialDelaySeconds: 15 periodSeconds: 5 timeoutSeconds: 1 diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/ingress.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/ingress.yaml index dee8a3ac..6770072a 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/ingress.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/ingress.yaml @@ -10,8 +10,8 @@ metadata: app.kubernetes.io/instance: openshift app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx namespace: keycloak-dev spec: diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml index 125232cb..f2010e88 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml @@ -5,8 +5,8 @@ metadata: app.kubernetes.io/instance: keycloakx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloakx - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx namespace: keycloak-dev spec: diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml index 0676f442..b080a08b 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: openshift app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx namespace: keycloak-dev spec: diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml index e78de160..f376bf48 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: keycloakx app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: keycloakx - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx-headless namespace: keycloak-dev spec: diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/service-http.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/service-http.yaml index 6079095f..249cd150 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/service-http.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/service-http.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/instance: openshift app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx-http namespace: keycloak-dev spec: diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml index e840dc59..aebbcb80 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: openshift app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx namespace: keycloak-dev diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml index a55cf01a..5488968d 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml @@ -6,15 +6,16 @@ metadata: app.kubernetes.io/instance: openshift app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx-keycloakx namespace: keycloak-dev spec: endpoints: - interval: 10s path: /metrics - port: http + port: http-internal + scheme: https scrapeTimeout: 10s selector: matchLabels: diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml index 0ebe12ad..d22eb49f 100644 --- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml +++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml @@ -6,8 +6,8 @@ metadata: app.kubernetes.io/instance: openshift app.kubernetes.io/managed-by: commodore app.kubernetes.io/name: keycloak - app.kubernetes.io/version: 24.0.5 - helm.sh/chart: keycloakx-2.3.0 + app.kubernetes.io/version: 25.0.6 + helm.sh/chart: keycloakx-2.5.1 name: keycloakx namespace: keycloak-dev spec: @@ -56,7 +56,6 @@ spec: containers: - args: - start - - --http-enabled=true env: - name: JAVA_OPTS value: -XX:MaxRAMPercentage=50.0 -Djgroups.dns.query=keycloakx-headless @@ -84,23 +83,26 @@ spec: value: /etc/x509/https/tls.crt - name: KC_HTTPS_CERTIFICATE_KEY_FILE value: /etc/x509/https/tls.key + - name: KC_HTTP_ENABLED + value: 'true' - name: KC_HTTP_RELATIVE_PATH value: / - name: KC_METRICS_ENABLED value: 'true' - - name: KC_PROXY - value: reencrypt + - name: KC_PROXY_HEADERS + value: forwarded envFrom: - secretRef: name: keycloak-admin-user - secretRef: name: keycloak-postgresql - image: quay.io/keycloak/keycloak:24.0.5 + image: quay.io/keycloak/keycloak:25.0.6 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /health/live - port: http + port: http-internal + scheme: HTTPS initialDelaySeconds: 0 timeoutSeconds: 5 name: keycloak @@ -108,13 +110,17 @@ spec: - containerPort: 8080 name: http protocol: TCP + - containerPort: 9000 + name: http-internal + protocol: TCP - containerPort: 8443 name: https protocol: TCP readinessProbe: httpGet: path: /health/ready - port: http + port: http-internal + scheme: HTTPS initialDelaySeconds: 10 timeoutSeconds: 1 resources: @@ -129,7 +135,8 @@ spec: failureThreshold: 60 httpGet: path: /health - port: http + port: http-internal + scheme: HTTPS initialDelaySeconds: 15 periodSeconds: 5 timeoutSeconds: 1