deps: update keycloak bitnamichart to 25.2.0

charts/camunda-platform-8.8/Chart.yaml

@@ -30,7 +30,7 @@ dependencies:
   - name: keycloak
     alias: identityKeycloak
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 24.9.0
+    version: 25.2.0
     condition: "identityKeycloak.enabled"
   - name: postgresql
     alias: identityPostgresql

charts/camunda-platform-8.8/README.md

@@ -719,7 +719,7 @@ Please see the corresponding [release guide](../../docs/release.md) to find out
 | `identityKeycloak.nameOverride`                                                         | the name used for Keycloak.                                                                                                                                                                                                                                                                              | `keycloak`                                                                               |
 | `identityKeycloak.image`                                                                | configuration.                                                                                                                                                                                                                                                                                           |                                                                                          |
 | `identityKeycloak.image.repository`                                                     | image repo                                                                                                                                                                                                                                                                                               | `camunda/keycloak`                                                                       |
-| `identityKeycloak.image.tag`                                                            | image tag                                                                                                                                                                                                                                                                                                | `26.1.4`                                                                                 |
+| `identityKeycloak.image.tag`                                                            | image tag                                                                                                                                                                                                                                                                                                | `26.3.1`                                                                                 |
 | `identityKeycloak.image.digest`                                                         | can be used to set image digest (overrides tag if set, e.g. "sha256:abcd...")                                                                                                                                                                                                                            | `""`                                                                                     |
 | `identityKeycloak.resources`                                                            | configuration of resource requests and limits for the container, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits                                                                                                                                  |                                                                                          |
 | `identityKeycloak.resources.requests.cpu`                                               |                                                                                                                                                                                                                                                                                                          | `1000m`                                                                                  |

charts/camunda-platform-8.8/test/unit/common/golden/keycloak-statefulset.golden.yaml

@@ -9,31 +9,32 @@ metadata:
     app.kubernetes.io/instance: camunda-platform-test
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: keycloak
-    app.kubernetes.io/version: 26.3.2
+    app.kubernetes.io/version: 26.3.3
     app.kubernetes.io/component: keycloak
+    app.kubernetes.io/part-of: keycloak
 spec:
   replicas: 1
   revisionHistoryLimit: 10
   podManagementPolicy: Parallel
   serviceName: camunda-platform-test-keycloak-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   selector:
     matchLabels:
       app.kubernetes.io/instance: camunda-platform-test
       app.kubernetes.io/name: keycloak
       app.kubernetes.io/component: keycloak
+      app.kubernetes.io/part-of: keycloak
   template:
     metadata:
       annotations:
       labels:
         app.kubernetes.io/instance: camunda-platform-test
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: keycloak
-        app.kubernetes.io/version: 26.3.2
+        app.kubernetes.io/version: 26.3.3
         app.kubernetes.io/component: keycloak
-        app.kubernetes.io/app-version: 26.3.2
+        app.kubernetes.io/part-of: keycloak
     spec:
       serviceAccountName: camunda-platform-test-keycloak
 
@@ -48,6 +49,7 @@ spec:
                   matchLabels:
                     app.kubernetes.io/instance: camunda-platform-test
                     app.kubernetes.io/name: keycloak
+                    app.kubernetes.io/component: keycloak
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
@@ -61,23 +63,8 @@ spec:
       enableServiceLinks: true
       initContainers:
         - name: prepare-write-dirs
-          image: docker.io/camunda/keycloak:26.1.4
+          image: docker.io/camunda/keycloak:26.3.1
           imagePullPolicy: IfNotPresent
-          command:
-            - /bin/bash
-          args:
-            - -ec
-            - |
-              . /opt/bitnami/scripts/liblog.sh
-
-              info "Copying writable dirs to empty dir"
-              # In order to not break the application functionality we need to make some
-              # directories writable, so we need to copy it to an empty dir volume
-              cp -r --preserve=mode,timestamps /opt/bitnami/keycloak/lib/quarkus /emptydir/app-quarkus-dir
-              cp -r --preserve=mode,timestamps /opt/bitnami/keycloak/data /emptydir/app-data-dir
-              cp -r --preserve=mode,timestamps /opt/bitnami/keycloak/providers /emptydir/app-providers-dir
-              cp -r --preserve=mode,timestamps /opt/bitnami/keycloak/themes /emptydir/app-themes-dir
-              info "Copy operation completed"
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
@@ -93,17 +80,34 @@ spec:
               type: RuntimeDefault
           resources:
             limits:
-              cpu: 2000m
-              memory: 2Gi
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
             requests:
-              cpu: 1000m
-              memory: 1Gi
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
+          command:
+            - /bin/bash
+          args:
+            - -ec
+            - |
+              . /opt/bitnami/scripts/liblog.sh
+
+              info "Copying writable dirs to empty dir"
+              # In order to not break the application functionality we need to make some
+              # directories writable, so we need to copy it to an empty dir volume
+              cp -r --preserve=mode,timestamps /opt/bitnami/keycloak/lib/quarkus /emptydir/app-quarkus-dir
+              cp -r --preserve=mode,timestamps /opt/bitnami/keycloak/data /emptydir/app-data-dir
+              cp -r --preserve=mode,timestamps /opt/bitnami/keycloak/providers /emptydir/app-providers-dir
+              cp -r --preserve=mode,timestamps /opt/bitnami/keycloak/themes /emptydir/app-themes-dir
+              info "Copy operation completed"
           volumeMounts:
            - name: empty-dir
              mountPath: /emptydir
       containers:
         - name: keycloak
-          image: docker.io/camunda/keycloak:26.1.4
+          image: docker.io/camunda/keycloak:26.3.1
           imagePullPolicy: IfNotPresent
           securityContext:
             allowPrivilegeEscalation: false
@@ -124,16 +128,6 @@ spec:
                 fieldRef:
                   apiVersion: v1
                   fieldPath: metadata.namespace
-            - name: BITNAMI_DEBUG
-              value: "false"
-            - name: KC_BOOTSTRAP_ADMIN_PASSWORD_FILE
-              value: /opt/bitnami/keycloak/secrets/identity-keycloak-admin-password
-            - name: KEYCLOAK_DATABASE_PASSWORD_FILE
-              value: /opt/bitnami/keycloak/secrets/db-identity-keycloak-postgresql-user-password
-            - name: KEYCLOAK_HTTP_RELATIVE_PATH
-              value: "/auth/"
-            - name: KC_SPI_ADMIN_REALM
-              value: "master"
             - name: KEYCLOAK_PROXY_ADDRESS_FORWARDING
               value: 'false'
           envFrom:
@@ -154,7 +148,7 @@ spec:
               containerPort: 7800
           livenessProbe:
             failureThreshold: 3
-            initialDelaySeconds: 300
+            initialDelaySeconds: 120
             periodSeconds: 1
             successThreshold: 1
             timeoutSeconds: 5
@@ -169,6 +163,7 @@ spec:
             httpGet:
               path: /auth/realms/master
               port: http
+              scheme: HTTP
           volumeMounts:
             - name: empty-dir
               mountPath: /tmp

charts/camunda-platform-8.8/values.schema.json

@@ -1828,7 +1828,7 @@
                         "tag": {
                             "type": "string",
                             "description": "image tag",
-                            "default": "26.1.4"
+                            "default": "26.3.1"
                         },
                         "digest": {
                             "type": "string",

charts/camunda-platform-8.8/values.yaml

@@ -968,7 +968,7 @@ identityKeycloak:
     ## @param identityKeycloak.image.repository image repo
     repository: camunda/keycloak
     ## @param identityKeycloak.image.tag image tag
-    tag: 26.1.4
+    tag: 26.3.1
     ## @param identityKeycloak.image.digest can be used to set image digest (overrides tag if set, e.g. "sha256:abcd...")
     digest: ""