From b4e0c5d98ec6c5ba672dffd005b6b78c1cd8e6c5 Mon Sep 17 00:00:00 2001 From: Angel Kafazov Date: Sat, 8 Feb 2025 22:57:12 +0200 Subject: [PATCH 1/4] fix(chart): update Keycloak chart version to 0.61.0 and enhance README with architecture support On-behalf-of: @SAP angel.kafazov@sap.com Signed-off-by: Angel Kafazov --- charts/keycloak/Chart.yaml | 2 +- charts/keycloak/README.md | 5 +++-- charts/keycloak/values.yaml | 10 +++++----- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/charts/keycloak/Chart.yaml b/charts/keycloak/Chart.yaml index 74345fdca..fd56e93d3 100644 --- a/charts/keycloak/Chart.yaml +++ b/charts/keycloak/Chart.yaml @@ -3,7 +3,7 @@ name: keycloak description: A Helm chart to deploy keycloak as OIDC provider in openmfp type: application -version: 0.60.23 +version: 0.61.0 appVersion: "1.16.0" dependencies: diff --git a/charts/keycloak/README.md b/charts/keycloak/README.md index 25379c5c3..a1bccece2 100644 --- a/charts/keycloak/README.md +++ b/charts/keycloak/README.md @@ -13,6 +13,7 @@ A Helm chart to deploy keycloak as OIDC provider in openmfp ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| +| arch | string | `"x86_64"` | | | crossplane.clients.openmfp.name | string | `"OpenMFP"` | name of the client | | crossplane.clients.openmfp.validRedirectUris | list | `["http://localhost:8000/callback*","http://localhost:4300/callback*"]` | valid redirect uris for the client | | crossplane.clients.openmfp.validRedirectUris[0] | string | `"http://localhost:8000/callback*"` | keycloak callback url | 
@@ -37,8 +38,8 @@ A Helm chart to deploy keycloak as OIDC provider in openmfp | job | object | `{"annotations":{"argocd.argoproj.io/hook":"PostSync"},"serviceAccount":"keycloak-client-creation"}` | job configuration | | job.annotations | object | `{"argocd.argoproj.io/hook":"PostSync"}` | custom job annotations | | job.serviceAccount | string | `"keycloak-client-creation"` | job ServiceAccount name | -| keycloak | object | `{"extraEnvVars":"- name: KEYCLOAK_USER\n value: keycloak-admin\n- name: KEYCLOAK_PASSWORD\n valueFrom:\n secretKeyRef:\n name: keycloak-admin\n key: secret\n- name: JAVA_OPTS_APPEND\n value: >-\n {% if eq .Values.arch \"Arm64\" -%}\n -XX:UseSVE=0 -Djgroups.dns.query=openmfp-keycloak-headless.openmfp-system.svc.cluster.local\n {%- end %}\n -Djgroups.dns.query=openmfp-keycloak-headless.openmfp-system.svc.cluster.local\n","postgresql":{"auth":{"existingSecret":"","secretKeys":{"adminPasswordKey":"password","userPasswordKey":"password"}}}}` | configuration passed to the child 'keyclaok' chart https://github.com/bitnami/charts/tree/main/bitnami/keycloak | -| keycloak.extraEnvVars | string | `"- name: KEYCLOAK_USER\n value: keycloak-admin\n- name: KEYCLOAK_PASSWORD\n valueFrom:\n secretKeyRef:\n name: keycloak-admin\n key: secret\n- name: JAVA_OPTS_APPEND\n value: >-\n {% if eq .Values.arch \"Arm64\" -%}\n -XX:UseSVE=0 -Djgroups.dns.query=openmfp-keycloak-headless.openmfp-system.svc.cluster.local\n {%- end %}\n -Djgroups.dns.query=openmfp-keycloak-headless.openmfp-system.svc.cluster.local\n"` | keycloak environment variables (raw) | +| keycloak | object | 
`{"extraEnvVars":[{"name":"KEYCLOAK_USER","value":"keycloak-admin"},{"name":"KEYCLOAK_PASSWORD","valueFrom":{"secretKeyRef":{"key":"secret","name":"keycloak-admin"}}},{"name":"JAVA_OPTS_APPEND","value":"-Djgroups.dns.query=openmfp-keycloak-headless.openmfp-system.svc.cluster.local"}],"postgresql":{"auth":{"existingSecret":"","secretKeys":{"adminPasswordKey":"password","userPasswordKey":"password"}}}}` | configuration passed to the child 'keyclaok' chart https://github.com/bitnami/charts/tree/main/bitnami/keycloak | +| keycloak.extraEnvVars | list | `[{"name":"KEYCLOAK_USER","value":"keycloak-admin"},{"name":"KEYCLOAK_PASSWORD","valueFrom":{"secretKeyRef":{"key":"secret","name":"keycloak-admin"}}},{"name":"JAVA_OPTS_APPEND","value":"-Djgroups.dns.query=openmfp-keycloak-headless.openmfp-system.svc.cluster.local"}]` | keycloak environment variables (raw) For Arm64 arch (especially Apple M4), add -XX:UseSVE=0 to JAVA_OPTS_APPEND | | keycloak.postgresql | object | `{"auth":{"existingSecret":"","secretKeys":{"adminPasswordKey":"password","userPasswordKey":"password"}}}` | configuration for the postgresql sub-chart | | keycloak.postgresql.auth | object | `{"existingSecret":"","secretKeys":{"adminPasswordKey":"password","userPasswordKey":"password"}}` | authorization configuration | | keycloak.postgresql.auth.existingSecret | string | `""` | existing secret name | diff --git a/charts/keycloak/values.yaml b/charts/keycloak/values.yaml index 54f3a7e6c..f1ad0a14c 100644 --- a/charts/keycloak/values.yaml +++ b/charts/keycloak/values.yaml @@ -39,11 +39,14 @@ crossplane: identityProviders: {} +arch: "x86_64" + # -- configuration passed to the child 'keyclaok' chart # https://github.com/bitnami/charts/tree/main/bitnami/keycloak keycloak: # -- keycloak environment variables (raw) - extraEnvVars: | + # For Arm64 arch (especially Apple M4), add -XX:UseSVE=0 to JAVA_OPTS_APPEND + extraEnvVars: - name: KEYCLOAK_USER value: keycloak-admin - name: KEYCLOAK_PASSWORD 
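Review bot: The new comment above `extraEnvVars` in charts/keycloak/values.yaml (PATCH 1/4) tells Arm64 users to add `-XX:UseSVE=0` to JAVA_OPTS_APPEND, but it does not mention that Helm replaces list values wholesale on override. A values file that sets only that one entry would therefore drop the KEYCLOAK_USER and KEYCLOAK_PASSWORD entries defined in this default. I would extend the comment with `# NOTE: an override replaces the whole list; repeat KEYCLOAK_USER and KEYCLOAK_PASSWORD alongside JAVA_OPTS_APPEND`. The `keycloak:` mapping continues past the end of this hunk.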
@@ -52,10 +55,7 @@ keycloak: name: keycloak-admin key: secret - name: JAVA_OPTS_APPEND - value: >- - {% if eq .Values.arch "Arm64" -%} - -XX:UseSVE=0 -Djgroups.dns.query=openmfp-keycloak-headless.openmfp-system.svc.cluster.local - {%- end %} + value: |- -Djgroups.dns.query=openmfp-keycloak-headless.openmfp-system.svc.cluster.local # -- configuration for the postgresql sub-chart From 204190b6b122c53d6e01647ed39ebecb57dfd519 Mon Sep 17 00:00:00 2001 From: Angel Kafazov Date: Sat, 8 Feb 2025 22:59:36 +0200 Subject: [PATCH 2/4] fix(local-setup): add extra environment variables for Keycloak in arm64 patch On-behalf-of: @SAP angel.kafazov@sap.com Signed-off-by: Angel Kafazov --- local-setup/kustomize/overlays/arm64/patch-keycloak.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/local-setup/kustomize/overlays/arm64/patch-keycloak.yaml b/local-setup/kustomize/overlays/arm64/patch-keycloak.yaml index 8e57cc634..a4b31687f 100644 --- a/local-setup/kustomize/overlays/arm64/patch-keycloak.yaml +++ b/local-setup/kustomize/overlays/arm64/patch-keycloak.yaml @@ -7,4 +7,9 @@ spec: values: keycloak: keycloak: - arch: "Arm64" + extraEnvVars: + - name: JAVA_OPTS_APPEND + value: |- + -Djgroups.dns.query=openmfp-keycloak-headless.openmfp-system.svc.cluster.local + -XX:UseSVE=0 + From 8ae797c51373b560bf5697570bfb32b92ec76498 Mon Sep 17 00:00:00 2001 From: Angel Kafazov Date: Sat, 8 Feb 2025 23:01:39 +0200 Subject: [PATCH 3/4] fix(chart): remove architecture key from Keycloak values and README On-behalf-of: @SAP angel.kafazov@sap.com Signed-off-by: Angel Kafazov --- charts/keycloak/README.md | 1 - charts/keycloak/values.yaml | 2 -- 2 files changed, 3 deletions(-) diff --git a/charts/keycloak/README.md b/charts/keycloak/README.md index a1bccece2..9e58f078a 100644 --- a/charts/keycloak/README.md +++ b/charts/keycloak/README.md 
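Review bot: In local-setup/kustomize/overlays/arm64/patch-keycloak.yaml (PATCH 2/4) the new `extraEnvVars` list holds only JAVA_OPTS_APPEND, and because Helm does not merge lists, this override replaces the chart default from charts/keycloak/values.yaml instead of extending it. The KEYCLOAK_USER and KEYCLOAK_PASSWORD entries (the latter read from the `keycloak-admin` secret) would then be absent from the rendered pod on arm64, unless another chart value supplies the admin credentials. The release.yaml hunk in PATCH 4/4 has the same shape. I would repeat both entries in the override, as sketched below. The sketch also uses a folded scalar so the two JVM options end up on one space-separated line rather than separated by the newline that `|-` preserves. Indentation is reconstructed, because this view does not show it.

```yaml
# … unchanged: spec.values.keycloak.keycloak …
extraEnvVars:
  # repeated from the chart default, because this list replaces it
  - name: KEYCLOAK_USER
    value: keycloak-admin
  - name: KEYCLOAK_PASSWORD
    valueFrom:
      secretKeyRef:
        name: keycloak-admin
        key: secret
  - name: JAVA_OPTS_APPEND
    value: >-
      -Djgroups.dns.query=openmfp-keycloak-headless.openmfp-system.svc.cluster.local
      -XX:UseSVE=0
```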
@@ -13,7 +13,6 @@ A Helm chart to deploy keycloak as OIDC provider in openmfp ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| arch | string | `"x86_64"` | | | crossplane.clients.openmfp.name | string | `"OpenMFP"` | name of the client | | crossplane.clients.openmfp.validRedirectUris | list | `["http://localhost:8000/callback*","http://localhost:4300/callback*"]` | valid redirect uris for the client | | crossplane.clients.openmfp.validRedirectUris[0] | string | `"http://localhost:8000/callback*"` | keycloak callback url | diff --git a/charts/keycloak/values.yaml b/charts/keycloak/values.yaml index f1ad0a14c..3612f3405 100644 --- a/charts/keycloak/values.yaml +++ b/charts/keycloak/values.yaml @@ -39,8 +39,6 @@ crossplane: identityProviders: {} -arch: "x86_64" - # -- configuration passed to the child 'keyclaok' chart # https://github.com/bitnami/charts/tree/main/bitnami/keycloak keycloak: From 7f5b3fc9a78f921ed8b4c19c60fc909fe09b9355 Mon Sep 17 00:00:00 2001 From: Angel Kafazov Date: Sat, 8 Feb 2025 23:46:24 +0200 Subject: [PATCH 4/4] fix(local-setup): add JAVA_OPTS_APPEND environment variable for Keycloak configuration On-behalf-of: @SAP angel.kafazov@sap.com Signed-off-by: Angel Kafazov --- local-setup/kustomize/components/openmfp/release.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/local-setup/kustomize/components/openmfp/release.yaml b/local-setup/kustomize/components/openmfp/release.yaml index 0a3d6eed2..3a649666c 100644 --- a/local-setup/kustomize/components/openmfp/release.yaml +++ b/local-setup/kustomize/components/openmfp/release.yaml @@ -110,6 +110,11 @@ spec: existingSecret: "" primary: resourcesPreset: none + extraEnvVars: + - name: JAVA_OPTS_APPEND + value: |- + -Djgroups.dns.query=openmfp-keycloak-headless.openmfp-system.svc.cluster.local + -XX:UseSVE=0 keycloakConfig: url: http://openmfp-keycloak.openmfp-system.svc.cluster.local/keycloak
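Review bot: In local-setup/kustomize/components/openmfp/release.yaml (PATCH 4/4) the added JAVA_OPTS_APPEND puts `-XX:UseSVE=0` in the shared component rather than only in the arm64 overlay, so it applies on every architecture. As far as I know, UseSVE is an AArch64-specific HotSpot option, and an x86_64 JVM normally refuses to start on an unrecognized -XX option unless `-XX:+IgnoreUnrecognizedVMOptions` is set. I would keep only the jgroups.dns.query option in the base value and leave the flag to overlays/arm64/patch-keycloak.yaml, which PATCH 2/4 already covers. Indentation is not visible in this view, so please also confirm that `extraEnvVars` sits at the Keycloak values level and not under the preceding `primary:` key. The enclosing `spec` mapping starts and ends outside the hunk.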