This update introduces significant enhancements to the Keycloak chart,
particularly regarding TLS certificate management. The changes include:
- Added the capability to automatically generate and manage TLS certificates
using Cert-Manager or Helm, improving the security posture by using
self-signed certificates in development scenarios.
- Implemented a dedicated ConfigMap to hold keycloak-config-cli
configurations and ensured that it is integrated with the job for
configuration synchronization.
- Enhanced the handling of admin ingress settings and TLS secrets,
facilitating smoother access and management for multi-host deployments.
- Refactored and reorganized sections to improve readability and maintainability
of templates, ensuring adherence to best practices in Helm charts.
These improvements aim to streamline deployment, enhance security features,
and simplify the management of certificates, facilitating easier
Kubernetes operations for users.
revert Update Keycloak image and version to 26.3.3
The Keycloak Docker image has been updated from
26.3.2-debian-12-r1 to 26.3.3-debian-12-r0 in both the Chart.yaml
and values.yaml files. This change was necessary to incorporate
the latest security patches and improvements provided in the
newer version.
Additionally, the appVersion and chart version in the Chart.yaml
file have been updated to 26.3.3 and 25.2.0 respectively to ensure
consistency with the image versioning. These updates help maintain
compatibility and ensure that users benefit from the latest enhancements.
The Keycloak Docker image has been updated from
26.3.2-debian-12-r1 to 26.3.3-debian-12-r0 in both the Chart.yaml
and values.yaml files. This change was necessary to incorporate
the latest security patches and improvements provided in the
newer version.
Additionally, the appVersion and chart version in the Chart.yaml
file have been updated to 26.3.3 and 25.2.0 respectively to ensure
consistency with the image versioning. These updates help maintain
compatibility and ensure that users benefit from the latest enhancements.
The version of the Keycloak chart has been reverted from 24.9.2 to
24.9.1. This change was necessary to align with the stability
requirements of our deployment environment, as issues were
identified in the newer version that could impact performance
and reliability. It's important to monitor further updates
from the Keycloak team to ensure we can upgrade once the
issues have been resolved without affecting our services.
Updated the `Chart.yaml` file for the Keycloak Helm chart. The
dependencies section was modified to use a more structured format
for listing dependencies. The condition for the PostgreSQL chart
was updated to improve clarity. Additionally, the chart version
was bumped from `24.9.1` to `24.9.2`, reflecting the latest
changes and improvements in the chart.
The description was reformatted to enhance readability and provide
clarity on what Keycloak offers. Minor adjustments were also made
to the keywords and maintainers sections for consistency and
accuracy. No breaking changes or impacts on existing deployments
are expected from this update.
This commit introduces a complete Helm chart for deploying Keycloak on
Kubernetes. The chart includes a variety of configurations such as
service and ingress definitions, metrics exposure, resource limits, and
autoscaling options.
Key features include:
- Full support for PostgreSQL as a database, configurable through chart
values.
- Ingress resources for external access, including support for TLS and
admin interfaces.
- Options to use custom configurations and initialization scripts via
ConfigMaps.
- Metrics service for Prometheus integration, alongside ServiceMonitor
configurations for Kubernetes monitoring.
- Enhanced environment variables management, including secret handling
for sensitive data like passwords.
These changes provide a robust foundation for deploying Keycloak in
both development and production environments. Users should be aware
that this initial setup gives flexibility for customization, but care
should be taken when altering default configurations to ensure
compatibility with existing deployments.
