Upgraded to version 25.0.0 of Keycloak (#770)

* Upgraded to version 25.0.0 of Keycloak

Signed-off-by: Hans Erik Heggem <[email protected]>

* using a separate value for internal port, due to backwards compatibility

Signed-off-by: Hans Erik Heggem <[email protected]>

* Using http internal port value in port naming

Signed-off-by: Hans Erik Heggem <[email protected]>

* Removed deprecated --hostname-strict-https argument

Signed-off-by: Hans Erik Heggem <[email protected]>

* Fixed deprecated PROXY configuration with new PROXY_HEADERS config

Signed-off-by: Hans Erik Heggem <[email protected]>

---------

Signed-off-by: Hans Erik Heggem <[email protected]>

charts/keycloakx/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: keycloakx
 version: 2.3.0
-appVersion: 22.0.4
+appVersion: 25.0.0
 description: Keycloak.X - Open Source Identity and Access Management for Modern Applications and Services
 keywords:
   - sso

charts/keycloakx/README.md

@@ -11,10 +11,8 @@ $ cat << EOF > values.yaml
 command:
   - "/opt/keycloak/bin/kc.sh"
   - "start"
-  - "--http-enabled=true"
   - "--http-port=8080"
   - "--hostname-strict=false"
-  - "--hostname-strict-https=false"
 extraEnv: |
   - name: KEYCLOAK_ADMIN
     value: admin

charts/keycloakx/ci/h2-values.yaml

@@ -3,7 +3,6 @@ command:
   - "--verbose"
   - "start"
   - --hostname-strict=false
-  - --hostname-strict-https=false
 
 extraEnv: |
   - name: KEYCLOAK_ADMIN

charts/keycloakx/examples/postgresql-kubeping/Dockerfile

@@ -1,4 +1,4 @@
-FROM quay.io/keycloak/keycloak:22.0.4
+FROM quay.io/keycloak/keycloak:25.0.0
 
 ENV JGROUPS_KUBERNETES_VERSION 1.0.16.Final
 

charts/keycloakx/examples/postgresql-kubeping/keycloak-server-values.yaml

@@ -5,10 +5,8 @@ command:
   - "/opt/keycloak/bin/kc.sh"
   - "--verbose"
   - "start"
-  - "--http-enabled=true"
   - "--http-port=8080"
   - "--hostname-strict=false"
-  - "--hostname-strict-https=false"
   - "--spi-events-listener-jboss-logging-success-level=info"
   - "--spi-events-listener-jboss-logging-error-level=warn"
 

charts/keycloakx/examples/postgresql/keycloak-server-values.yaml

@@ -5,10 +5,8 @@ command:
   - "/opt/keycloak/bin/kc.sh"
   - "--verbose"
   - "start"
-  - "--http-enabled=true"
   - "--http-port=8080"
   - "--hostname-strict=false"
-  - "--hostname-strict-https=false"
   - "--spi-events-listener-jboss-logging-success-level=info"
   - "--spi-events-listener-jboss-logging-error-level=warn"
 

charts/keycloakx/templates/statefulset.yaml

@@ -100,9 +100,13 @@ spec:
               value: "kubernetes"
             {{- end }}
             {{- if .Values.proxy.enabled }}
-            - name: KC_PROXY
+            - name: KC_PROXY_HEADERS
               value: {{ .Values.proxy.mode }}
             {{- end }}
+            {{- if .Values.proxy.http.enabled }}
+            - name: KC_HTTP_ENABLED
+              value: "true"
+            {{- end }}
             {{- if .Values.database.vendor }}
             - name: KC_DB
               value: {{ .Values.database.vendor }}
@@ -145,6 +149,9 @@ spec:
             - name: http
               containerPort: 8080
               protocol: TCP
+            - name: '{{ .Values.http.internalPort }}'
+              containerPort: 9000
+              protocol: TCP
             {{- if .Values.service.httpsPort }}
             - name: https
               containerPort: 8443

charts/keycloakx/values.yaml

@@ -11,7 +11,7 @@ image:
   # The Keycloak image repository
   repository: quay.io/keycloak/keycloak
   # Overrides the Keycloak image tag whose default is the chart appVersion
-  tag: "22.0.4"
+  tag: "25.0.0"
   # Overrides the Keycloak image tag with a specific digest
   digest: ""
   # The Keycloak image pull policy
@@ -166,23 +166,23 @@ podAnnotations: {}
 livenessProbe: |
   httpGet:
     path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health/live'
-    port: http
+    port: '{{ .Values.http.internalPort }}'
   initialDelaySeconds: 0
   timeoutSeconds: 5
 
 # Readiness probe configuration
 readinessProbe: |
   httpGet:
     path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health/ready'
-    port: http
+    port: '{{ .Values.http.internalPort }}'
   initialDelaySeconds: 10
   timeoutSeconds: 1
 
 # Startup probe configuration
 startupProbe: |
   httpGet:
     path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health'
-    port: http
+    port: '{{ .Values.http.internalPort }}'
   initialDelaySeconds: 15
   timeoutSeconds: 1
   failureThreshold: 60
@@ -406,7 +406,9 @@ cache:
 
 proxy:
   enabled: true
-  mode: edge
+  mode: forwarded
+  http:
+    enabled: true
 
 metrics:
   enabled: true
@@ -417,6 +419,7 @@ health:
 http:
   # For backwards compatibility reasons we set this to the value used by previous Keycloak versions.
   relativePath: "/auth"
+  internalPort: http-internal
 
 serviceMonitor:
   # If `true`, a ServiceMonitor resource for the prometheus-operator is created
@@ -436,7 +439,7 @@ serviceMonitor:
   # The path at which metrics are served
   path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/metrics'
   # The Service port at which metrics are served
-  port: http
+  port: '{{ .Values.http.internalPort }}'
 
 extraServiceMonitor:
   # If `true`, a ServiceMonitor resource for the prometheus-operator is created
@@ -454,9 +457,9 @@ extraServiceMonitor:
   # Timeout for scraping
   scrapeTimeout: 10s
   # The path at which metrics are served
-  path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/realms/master/metrics'
+  path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/metrics'
   # The Service port at which metrics are served
-  port: http
+  port: '{{ .Values.http.internalPort }}'
 
 prometheusRule:
   # If `true`, a PrometheusRule resource for the prometheus-operator is created