fix: add Keycloak workaround for Kernels 6.12+

[slaskawi]

Description

This Pull Request introduces a new env setting for Keycloak that enables Mission Heroes to specify additional Environment Variables. This setting can be used for Kernel 6.12+ workaround.

More context

Linux Kernel 6.12 changed the way the missing CGroups v1 are reported. This caused any Java applications to interpret container limits incorrectly (more on this in #1212).

As clarified in Cloud Native Slack with the Keycloak Team, the Red Hat JVM Team will backport all required fixes into lower Java versions. However, the timeline for this remains unknown and it is very likely that we may need this workaround at some point.

Once a patched JVM is out there and used in Keycloak container images, we will revert this change.

Related Issue

Relates to #1212

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Other (security config, docs update, etc)

Steps to Validate

The easiest way to test this feature is to add this part of the override to the k3d-slim-dev/uds-bundle.yaml:

            - path: env
              value:
                - name: JAVA_OPTS_KC_HEAP
                  value: "-XX:MaxRAMPercentage=70 -XX:MinRAMPercentage=70 -XX:InitialRAMPercentage=50 -XX:MaxRAM=1G"

Then, call uds run slim-dev. Once Keycloak is up and running, check its Pod and the JAVA_OPTS_KC_HEAP Environment Variable should be there.

This Pull Request has been checked against regressions in this Github Actions run. This patch contained hardcoded JAVA_OPTS_KC_HEAP set to -XX:MaxRAMPercentage=70 -XX:MinRAMPercentage=70 -XX:InitialRAMPercentage=50 -XX:MaxRAM=1G and it didn't cause any test failures.

Checklist before merging

• Test, docs, adr added or updated as needed
• Contributor Guide followed

[eddiezane]

Thanks for adding this!

I manually tested this and confirmed it worked.

[mjnagel]

Appreciate the work on this! Just have one small comment on the docs note + a suggestion/thought on @eddiezane's comment.

[slaskawi]

@mjnagel @eddiezane Thanks for the review!

I decided to change the approach and introduce a way to introduce non-standard environment variables in the Keycloak Helm Template - it's called env. With the new setting, you can leverage the Bundle Overrides and pass the JAVA_OPTS_KC_HEAP. I find this approach much more flexible and we could potentially leverage it for doing non-standard things.

In the documentation, I described how to properly use this setting to bypass the Kernel 6.12+ issue.

[mjnagel]

LGTM at this point! Last question - should we maybe add the override of env by default to the dev/demo bundles? I think since we don't expose resources as configurable to the end user in those bundles we could just hardcode the 1G override you had initially. That would allow @eddiezane and others to deploy those bundles without needing to think about the values.

[slaskawi]

LGTM at this point! Last question - should we maybe add the override of env by default to the dev/demo bundles? I think since we don't expose resources as configurable to the end user in those bundles we could just hardcode the 1G override you had initially. That would allow @eddiezane and others to deploy those bundles without needing to think about the values.

Done! Thanks for suggesting this!