This update introduces significant enhancements to the Keycloak chart,
particularly regarding TLS certificate management. The changes include:
- Added the capability to automatically generate and manage TLS certificates
using Cert-Manager or Helm, improving the security posture by using
self-signed certificates in development scenarios.
- Implemented a dedicated ConfigMap to hold keycloak-config-cli
configurations and ensured that it is integrated with the job for
configuration synchronization.
- Enhanced the handling of admin ingress settings and TLS secrets,
facilitating smoother access and management for multi-host deployments.
- Refactored and reorganized sections to improve readability and maintainability
of templates, ensuring adherence to best practices in Helm charts.

These improvements aim to streamline deployment, enhance security features,
and simplify the management of certificates, facilitating easier
Kubernetes operations for users.

This commit updates the Keycloak Helm chart dependencies to
include the latest version of PostgreSQL (16.7.24) and adds the
common chart (version 2.31.3) as new files. The updates were
necessary to ensure compatibility with the latest features
and security patches provided by both dependencies.

The `Chart.lock` file was modified to reflect the version
increment for PostgreSQL and includes a new digest and
generated timestamp. The addition of the `.tgz` files for
both charts ensures that they are packaged and available for
deployment without fetching directly from the remote
repository.

There are no breaking changes introduced with these updates;
the changes primarily enhance the stability and security of
the Keycloak deployment.

This commit introduces a complete Helm chart for deploying Keycloak on
Kubernetes. The chart includes a variety of configurations such as
service and ingress definitions, metrics exposure, resource limits, and
autoscaling options.

Key features include:
- Full support for PostgreSQL as a database, configurable through chart
values.
- Ingress resources for external access, including support for TLS and
admin interfaces.
- Options to use custom configurations and initialization scripts via
ConfigMaps.
- Metrics service for Prometheus integration, alongside ServiceMonitor
configurations for Kubernetes monitoring.
- Enhanced environment variables management, including secret handling
for sensitive data like passwords.

These changes provide a robust foundation for deploying Keycloak in
both development and production environments. Users should be aware
that this initial setup gives flexibility for customization, but care
should be taken when altering default configurations to ensure
compatibility with existing deployments.