chore: Bump keycloak version(#38)

* moved mainRealm creation from keycloak values to extensions-oidc CR
Jira: EPMDEDP-13111

Related: #38
Change-Id: I4bc5a8ad2de7f31361602b53db03e0485d7cc289

README.md

@@ -63,7 +63,7 @@ make update-readme
 | harbor-ha-okd          | 1.13.0    | 2.9.0        | False             | False    |
 | ingress-nginx          | 4.7.3     | 1.8.4        | False             | False    |
 | jaeger-operator        | 1.45.0    | 1.45.0       | False             | False    |
-| keycloak               | 0.1.1     | 1.0          | False             | False    |
+| keycloak               | 2.3.0     | 22.0.4       | False             | False    |
 | keycloak-postgresql    | 0.1.1     | 1.0          | False             | False    |
 | minio-operator         | 0.1.0     | 5.0.5        | False             | False    |
 | nexus                  | 61.0.2    | 3.61.0       | False             | False    |

add-ons/keycloak/Chart.yaml

@@ -8,13 +8,13 @@ type: application
 
 # The chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.1.1
+version: 2.3.0
 
 # Version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: "1.0"
+appVersion: "22.0.4"
 
 dependencies:
 - name: keycloakx
-  version: 2.2.1
+  version: 2.3.0
   repository: https://codecentric.github.io/helm-charts

add-ons/keycloak/README.md

@@ -1,14 +1,14 @@
 # keycloak
 
-![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square)
+![Version: 2.3.0](https://img.shields.io/badge/Version-2.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 22.0.4](https://img.shields.io/badge/AppVersion-22.0.4-informational?style=flat-square)
 
 A Helm chart for Keycloak
 
 ## Requirements
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://codecentric.github.io/helm-charts | keycloakx | 2.2.1 |
+| https://codecentric.github.io/helm-charts | keycloakx | 2.3.0 |
 
 ## Values
 
@@ -44,19 +44,21 @@ A Helm chart for Keycloak
 | keycloakx.database.username | string | `"admin"` |  |
 | keycloakx.database.vendor | string | `"postgres"` |  |
 | keycloakx.dbchecker.enabled | bool | `true` |  |
-| keycloakx.extraEnv | string | `"- name: KC_PROXY\n  value: \"passthrough\"\n- name: KEYCLOAK_ADMIN\n  valueFrom:\n    secretKeyRef:\n      name: keycloak-admin-creds\n      key: username\n- name: KEYCLOAK_ADMIN_PASSWORD\n  valueFrom:\n    secretKeyRef:\n      name: keycloak-admin-creds\n      key: password\n- name: JAVA_OPTS_APPEND\n  value: >-\n    -XX:+UseContainerSupport\n    -XX:MaxRAMPercentage=50.0\n    -Djava.awt.headless=true\n    -Djgroups.dns.query={{ include \"keycloak.fullname\" . }}-headless\n"` |  |
-| keycloakx.extraInitContainers | string | `"- name: realm-provider\n  image: busybox\n  imagePullPolicy: IfNotPresent\n  command:\n    - sh\n  args:\n    - -c\n    - |\n      echo '{\"realm\": \"openshift\",\"enabled\": true}' > /opt/keycloak/data/import/openshift.json\n  volumeMounts:\n    - name: realm\n      mountPath: /opt/keycloak/data/import\n"` |  |
-| keycloakx.extraVolumeMounts | string | `"- name: realm\n  mountPath: /opt/keycloak/data/import\n"` |  |
-| keycloakx.extraVolumes | string | `"- name: realm\n  emptyDir: {}\n"` |  |
+| keycloakx.extraEnv | string | `"- name: KC_HOSTNAME_URL\n  value: \"https://keycloak.example.com/auth\"\n- name: KC_HOSTNAME_ADMIN_URL\n  value: \"https://keycloak.example.com/auth\"\n- name: KEYCLOAK_ADMIN\n  valueFrom:\n    secretKeyRef:\n      name: keycloak-admin-creds\n      key: username\n- name: KEYCLOAK_ADMIN_PASSWORD\n  valueFrom:\n    secretKeyRef:\n      name: keycloak-admin-creds\n      key: password\n- name: JAVA_OPTS_APPEND\n  value: >-\n    -XX:+UseContainerSupport\n    -XX:MaxRAMPercentage=50.0\n    -Djava.awt.headless=true\n    -Djgroups.dns.query={{ include \"keycloak.fullname\" . }}-headless\n"` |  |
+| keycloakx.extraEnvFrom | string | `"- secretRef:\n    name: 'keycloak-admin-creds'\n"` |  |
 | keycloakx.fullnameOverride | string | `"keycloakx"` |  |
-| keycloakx.image.tag | string | `"20.0.3"` |  |
+| keycloakx.health.enabled | bool | `false` |  |
 | keycloakx.ingress.annotations."ingress.kubernetes.io/affinity" | string | `"cookie"` |  |
 | keycloakx.ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` |  |
+| keycloakx.ingress.console.enabled | bool | `false` |  |
 | keycloakx.ingress.enabled | bool | `true` |  |
 | keycloakx.ingress.rules[0].host | string | `"keycloak.example.com"` |  |
 | keycloakx.ingress.rules[0].paths[0].path | string | `"{{ tpl .Values.http.relativePath $ | trimSuffix \"/\" }}/"` |  |
 | keycloakx.ingress.rules[0].paths[0].pathType | string | `"Prefix"` |  |
+| keycloakx.metrics.enabled | bool | `false` |  |
 | keycloakx.nameOverride | string | `"keycloakx"` |  |
+| keycloakx.proxy.enabled | bool | `true` |  |
+| keycloakx.proxy.mode | string | `"passthrough"` |  |
 | keycloakx.replicas | int | `1` |  |
 | keycloakx.resources.limits.memory | string | `"2048Mi"` |  |
 | keycloakx.resources.requests.cpu | string | `"50m"` |  |

add-ons/keycloak/values.yaml

@@ -3,32 +3,12 @@ keycloakx:
   fullnameOverride: keycloakx
   replicas: 1
 
-  # Deploy the latest version
-  image:
-    tag: "20.0.3"
-
-  # start: create OpenShift realm which is required by EDP
-  extraInitContainers: |
-    - name: realm-provider
-      image: busybox
-      imagePullPolicy: IfNotPresent
-      command:
-        - sh
-      args:
-        - -c
-        - |
-          echo '{"realm": "openshift","enabled": true}' > /opt/keycloak/data/import/openshift.json
-      volumeMounts:
-        - name: realm
-          mountPath: /opt/keycloak/data/import
-
-  extraVolumeMounts: |
-    - name: realm
-      mountPath: /opt/keycloak/data/import
-
-  extraVolumes: |
-    - name: realm
-      emptyDir: {}
+  # The following parameter is unrecommended to expose. Exposed health checks lead to an unnecessary attack vector.
+  health:
+    enabled: false
+  # The following parameter is unrecommended to expose. Exposed metrics lead to an unnecessary attack vector.
+  metrics:
+    enabled: false
 
   command:
     - "/opt/keycloak/bin/kc.sh"
@@ -43,9 +23,14 @@ keycloakx:
     - "--spi-events-listener-jboss-logging-error-level=warn"
     - "--import-realm"
 
+  # Additional environment variables for Keycloak.
+  # Environment variables "KC_HOSTNAME ADMIN_URL" and "KC_HOSTNAME URL" for working in "passthrough" mode,
+  # if they are not defined there will be an eternal loading of "LOGIN ADMIN UI"
   extraEnv: |
-    - name: KC_PROXY
-      value: "passthrough"
+    - name: KC_HOSTNAME_URL
+      value: "https://keycloak.example.com/auth"
+    - name: KC_HOSTNAME_ADMIN_URL
+      value: "https://keycloak.example.com/auth"
     - name: KEYCLOAK_ADMIN
       valueFrom:
         secretKeyRef:
@@ -69,12 +54,19 @@ keycloakx:
     annotations:
       kubernetes.io/ingress.class: nginx
       ingress.kubernetes.io/affinity: cookie
+    # The following parameter is unrecommended to expose. Admin paths lead to an unnecessary attack vector.
+    console:
+      enabled: false
     rules:
       - host: keycloak.example.com
         paths:
           - path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/'
             pathType: Prefix
 
+  proxy:
+    enabled: true
+    mode: "passthrough"
+
   # This block should be uncommented if you set Keycloak to OpenShift and change the host field
   # route:
   #   enabled: false