OPSEXP-2976 Keycloak to v25 in acs-sso-example chart

helm/acs-sso-example/Chart.lock

@@ -4,7 +4,7 @@ dependencies:
   version: 13.4.0
 - name: keycloakx
   repository: https://codecentric.github.io/helm-charts
-  version: 2.5.1
+  version: 2.6.0
 - name: alfresco-repository
   repository: https://alfresco.github.io/alfresco-helm-charts/
   version: 0.8.0
@@ -17,5 +17,5 @@ dependencies:
 - name: alfresco-adf-app
   repository: https://alfresco.github.io/alfresco-helm-charts/
   version: 0.2.0
-digest: sha256:3bf57da26484518aae1cbda9d15f5f7ffc66d5719ca274af77721dc7d532b71b
-generated: "2024-11-29T14:09:38.670834875Z"
+digest: sha256:413cfefbc042db3f32daa986664e683160233b6681739430ccb31f0ff4aeed24
+generated: "2024-12-02T14:34:28.83467+01:00"

helm/acs-sso-example/Chart.yaml

@@ -20,7 +20,7 @@ description: |
   :warning: All components have persistence disabled so all data is lost after a
   deployment is destroyed or rolled back!
 type: application
-version: 1.1.0
+version: 1.1.1
 appVersion: 23.4.0
 home: https://www.alfresco.com
 sources:
@@ -32,7 +32,7 @@ dependencies:
     alias: repository-database
   - name: keycloakx
     repository: https://codecentric.github.io/helm-charts
-    version: 2.5.1
+    version: 2.6.0
   - name: alfresco-repository
     repository: https://alfresco.github.io/alfresco-helm-charts/
     version: 0.8.0

helm/acs-sso-example/README.md

@@ -6,7 +6,7 @@ grand_parent: Helm
 
 # acs-sso-example
 
-![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.4.0](https://img.shields.io/badge/AppVersion-23.4.0-informational?style=flat-square)
+![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.4.0](https://img.shields.io/badge/AppVersion-23.4.0-informational?style=flat-square)
 
 An example Chart to demonstrate how to compose your own Alfresco platform
 with SSO on kubernetes using a nthrid party Keycloak.
@@ -41,7 +41,7 @@ deployment is destroyed or rolled back!
 | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-content-app(alfresco-adf-app) | 0.2.0 |
 | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-repository | 0.8.0 |
 | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-share | 1.2.0 |
-| https://codecentric.github.io/helm-charts | keycloakx | 2.5.1 |
+| https://codecentric.github.io/helm-charts | keycloakx | 2.6.0 |
 | oci://registry-1.docker.io/bitnamicharts | repository-database(postgresql) | 13.4.0 |
 
 ## Values
@@ -55,8 +55,8 @@ deployment is destroyed or rolled back!
 | global.known_urls | list | `["http://localhost"]` | list of trusted URLs. URLs a re used to configure Cross-origin protections Also the first entry is considered the main hosting domain of the platform. |
 | keycloakx | object | check values.yaml | Configure the ACS Keycloak Identity provider as per https://github.com/codecentric/helm-charts/tree/keycloakx-2.3.0 |
 | keycloakx.admin.password | string | random ascii string | Keycloak admin password. By default generated on first deployment, to get its value use:<br> <code>kubectl get secrets keycloak -o jsonpath='{@.data.KEYCLOAK_ADMIN_PASSWORD}' | base64 -d</code> |
-| keycloakx.admin.realm[0] | object | `{"clients":[{"clientId":"alfresco","enabled":true,"implicitFlowEnabled":true,"publicClient":true,"redirectUris":"{{- $redirectUris := list }} {{- range (index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\") }} {{- $redirectUris = append $redirectUris (printf \"%s/*\" .) }} {{- end }} {{- $redirectUris }}","standardFlowEnabled":true,"webOrigins":"{{ index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\" }}"}],"defaultLocale":"en","enabled":true,"id":"alfresco","internationalizationEnabled":true,"loginTheme":"alfresco","realm":"alfresco","sslRequired":"none","supportedLocales":["ca","de","en","es","fr","it","ja","lt","nl","no","pt-BR","ru","sv","zh-CN"],"users":[{"credentials":[{"type":"password","value":"secret"}],"enabled":true,"username":"admin"}]}` | Alfresco Realm definition |
-| keycloakx.admin.realm[0].users[0] | object | `{"credentials":[{"type":"password","value":"secret"}],"enabled":true,"username":"admin"}` | default Alfresco admin user |
+| keycloakx.admin.realm[0] | object | `{"clients":[{"clientId":"alfresco","enabled":true,"implicitFlowEnabled":true,"publicClient":true,"redirectUris":"{{- $redirectUris := list }} {{- range (index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\") }} {{- $redirectUris = append $redirectUris (printf \"%s/*\" .) }} {{- end }} {{- $redirectUris }}","standardFlowEnabled":true,"webOrigins":"{{ index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\" }}"}],"defaultLocale":"en","enabled":true,"id":"alfresco","internationalizationEnabled":true,"loginTheme":"alfresco","realm":"alfresco","sslRequired":"none","supportedLocales":["ca","de","en","es","fr","it","ja","lt","nl","no","pt-BR","ru","sv","zh-CN"],"users":[{"credentials":[{"type":"password","value":"secret"}],"email":"[email protected]","enabled":true,"firstName":"admin","lastName":"admin","username":"admin"}]}` | Alfresco Realm definition |
+| keycloakx.admin.realm[0].users[0] | object | `{"credentials":[{"type":"password","value":"secret"}],"email":"[email protected]","enabled":true,"firstName":"admin","lastName":"admin","username":"admin"}` | default Alfresco admin user |
 | keycloakx.admin.realm[0].users[0].credentials[0].value | string | `"secret"` | default Alfresco admin password |
 | keycloakx.admin.username | string | `"admin"` | Keycloak admin username |
 | repository-database | object | check values.yaml | Configure the ACS repository Postgres database as per https://github.com/bitnami/charts/tree/002c752f871c8fa068a770dc80fec4cf798798ab/bitnami/postgresql |

helm/acs-sso-example/values.yaml

@@ -40,7 +40,7 @@ repository-database:
 keycloakx:
   nameOverride: keycloak
   image:
-    tag: 24.0.5
+    tag: 25.0.6
   admin:
     # -- Keycloak admin username
     username: admin
@@ -74,6 +74,9 @@ keycloakx:
           # -- default Alfresco admin user
           - username: admin
             enabled: true
+            firstName: admin
+            lastName: admin
+            email: [email protected]
             credentials:
               - type: password
                 # -- default Alfresco admin password
@@ -98,35 +101,38 @@ keycloakx:
   command:
     - /opt/keycloak/bin/kc.sh
     - start
+    - --hostname=http://localhost/auth
+    - --health-enabled=true
     - --http-enabled=true
     - --http-port=8080
-    - --hostname-strict=false
-    - --hostname-strict-https=false
     - --import-realm
   http:
     relativePath: /auth
   livenessProbe: |
     httpGet:
       path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health/live'
-      port: http
+      port: http-internal
     initialDelaySeconds: 0
     timeoutSeconds: 5
   readinessProbe: |
     httpGet:
       path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health/ready'
-      port: http
+      port: http-internal
     initialDelaySeconds: 10
     timeoutSeconds: 1
   startupProbe: |
     httpGet:
       path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health'
-      port: http
+      port: http-internal
     initialDelaySeconds: 15
     timeoutSeconds: 1
     failureThreshold: 60
     periodSeconds: 5
   ingress:
     enabled: true
+    ingressClassName: nginx
+    annotations:
+      nginx.ingress.kubernetes.io/proxy-buffer-size: 8k
     tls: []
     rules:
       - host: >-
@@ -245,6 +251,11 @@ alfresco-content-app:
       nginx.ingress.kubernetes.io/proxy-body-size: 5g
       nginx.ingress.kubernetes.io/proxy-buffer-size: 8k
     tls: []
+    hosts:
+      - host: localhost
+        paths:
+          - path: /aca
+            pathType: Prefix
   image:
     repository: alfresco/alfresco-content-app
     tag: 5.2.0
@@ -254,5 +265,7 @@ alfresco-content-app:
     APP_CONFIG_AUTH_TYPE: OAUTH
     APP_CONFIG_OAUTH2_HOST: "{protocol}//{hostname}{:port}/auth/realms/alfresco"
     APP_CONFIG_OAUTH2_CLIENTID: alfresco
-    APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI: "{protocol}//{hostname}{:port}/assets/silent-refresh.html"
-    BASE_PATH: /
+    APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI: "{protocol}//{hostname}{:port}/aca/assets/silent-refresh.html"
+    BASE_PATH: /aca
+    APP_CONFIG_OAUTH2_REDIRECT_LOGIN: /aca
+    APP_CONFIG_OAUTH2_REDIRECT_LOGOUT: /aca