Merge pull request #27 from eclipse-tractusx/release/v2.0.0-alpha

release(v2.0.0-alpha): merge release into main

.github/pull_request_template.md

@@ -15,10 +15,8 @@ Link to Github issue.
 Please delete options that are not relevant.
 
 - [ ] I have followed the [contributing guidelines](https://github.com/eclipse-tractusx/portal-assets/blob/main/developer/Technical%20Documentation/Dev%20Process/How%20to%20contribute.md#commit-and-pr-guidelines)
+- [ ] I have added a copyright and license header in all affected files
 - [ ] I have performed a self-review of my changes
 - [ ] I have successfully tested my changes
 - [ ] I have added comments in the default values.yaml file with helm-docs syntax ('# -- ') if relevant for installation
 - [ ] I have commented my changes, particularly in hard-to-understand areas
-- [ ] I have added a copyright and license header in all affected files
-- [ ] I have performed [IP checks](https://eclipse-tractusx.github.io/docs/release/trg-7/trg-7-04#checking-libraries-using-the-eclipse-dash-license-tool) for added or updated 3rd party libraries
-- [ ] I have created and linked IP issues or requested their creation by a committer

CHANGELOG.md

@@ -1,6 +1,32 @@
 # Changelog
 
-New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X IAM - Keycloak instances.
+New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X IAM * Keycloak instances.
+
+## 2.0.0-alpha
+
+### Change
+
+* changed to v22.0.3 ([bitnami chart version: 16.1.6](https://artifacthub.io/packages/helm/bitnami/keycloak/16.1.6))
+  * bumped chart version to to major 2.0.0 (alpha)
+  * changed appVersion from 1.2.0 to 22.0.3 to align with Keycloak version as that's more intuitive
+  * added production mode with default false
+  * added reverse proxy mode with default passthrough
+  * removed service type: default value is ClusterIP in new bitnami chart version
+  * removed proxyAddressForwarding
+  * removed serviceDiscovery
+  * set httpRelativePath to '/auth/', as we're migrating from 16.1.1 version which was using the trailing 'auth'
+  * updated retrieval of service name for seeding job
+  * removed management-password from secrets as key isn't part of default secret anymore
+
+ Please be aware that **this version is still in alpha phase**: especially the upgrade documentation WIP.
+### Bugfix
+
+* fixed escaping of secret values: quotes added
+
+### Technical Support
+
+* updated k8s version and version to upgrade from for helm test workflows
+* updated SECURITY.md
 
 ## 1.2.0
 
@@ -20,19 +46,19 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel
 
 ### Bugfix
 
-* login theme (centralidp - cx-central): fixed browser 64k limit for single node text
-* login theme (sharedidp - registration): fixed screen layout for wide displays
+* login theme (centralidp * cx-central): fixed browser 64k limit for single node text
+* login theme (sharedidp * registration): fixed screen layout for wide displays
 
 ## 1.1.0
 
 ### Change
 
-* realm init (centralidp - cx-central): see [Post-Upgrade Configuration](./charts/centralidp/README.md#post-upgrade-configuration)
+* realm init (centralidp * cx-central): see [Post-Upgrade Configuration](./charts/centralidp/README.md#post-upgrade-configuration)
 * changed to secret name to be retrieved from values file
 
 ### Bugfix
 
-* login theme (centralidp - cx-central): allowed to search for numbers only at idp-selection
+* login theme (centralidp * cx-central): allowed to search for numbers only at idp-selection
 * enabled usage of existing secret values if secret exists: stops regeneration of random secret values at 'helm upgrade'
 * stopped creation of the corresponding secret if database dependency is disabled
 * realm init (centralidp): switched to singleFile import

charts/centralidp/README.md

@@ -59,7 +59,7 @@ dependencies:
 | keycloak.extraVolumeMounts[1].name | string | `"realms"` |  |
 | keycloak.extraVolumeMounts[1].mountPath | string | `"/realms"` |  |
 | keycloak.initContainers[0].name | string | `"import"` |  |
-| keycloak.initContainers[0].image | string | `"tractusx/portal-iam:v1.2.0"` |  |
+| keycloak.initContainers[0].image | string | `"tractusx/portal-iam:v2.0.0-alpha"` |  |
 | keycloak.initContainers[0].imagePullPolicy | string | `"Always"` |  |
 | keycloak.initContainers[0].command[0] | string | `"sh"` |  |
 | keycloak.initContainers[0].args[0] | string | `"-c"` |  |
@@ -100,7 +100,6 @@ dependencies:
 | keycloak.externalDatabase.existingSecret | string | `"centralidp-keycloak-external-db"` | Secret containing the password non-root username, (default 'kccentral'). |
 | keycloak.externalDatabase.existingSecretPasswordKey | string | `"password"` | Name of an existing secret key containing the database credentials. |
 | secrets.auth.existingSecret.adminpassword | string | `""` | Password for the admin username 'admin'. Secret-key 'admin-password'. |
-| secrets.auth.existingSecret.managementpassword | string | `""` | Password Wildfly management username 'manager'. Secret-key 'management-password'. |
 | secrets.postgresql.auth.existingSecret.postgrespassword | string | `""` | Password for the root username 'postgres'. Secret-key 'postgres-password'. |
 | secrets.postgresql.auth.existingSecret.password | string | `""` | Password for the non-root username 'kccentral'. Secret-key 'password'. |
 | secrets.postgresql.auth.existingSecret.replicationPassword | string | `""` | Password for the non-root username 'repl_user'. Secret-key 'replication-password'. |
@@ -117,7 +116,7 @@ dependencies:
 | seeding.extraVolumeMounts[0].name | string | `"realms"` |  |
 | seeding.extraVolumeMounts[0].mountPath | string | `"app/realms"` |  |
 | seeding.initContainers[0].name | string | `"init-cx-central"` |  |
-| seeding.initContainers[0].image | string | `"tractusx/portal-iam:v1.2.0"` |  |
+| seeding.initContainers[0].image | string | `"tractusx/portal-iam:v2.0.0-alpha"` |  |
 | seeding.initContainers[0].imagePullPolicy | string | `"Always"` |  |
 | seeding.initContainers[0].command[0] | string | `"sh"` |  |
 | seeding.initContainers[0].args[0] | string | `"-c"` |  |
@@ -154,12 +153,11 @@ Please have a look into changelog for a more detailed description.
 
 We also recommend checking out the [Keycloak Upgrading Guide](https://www.keycloak.org/docs/latest/upgrading/index.html)
 
-To be mentioned explicitly: this major adds 'production' mode with default value false and reverse 'proxy' mode with default value 'passthrough'.
+To be explicitly mentioned: this major adds the production mode with default value false and the reverse proxy mode with default value passthrough.
 Please check the description of those parameters and decide if they're suitable for you.
 
-This major version changes the PostgreSQL version from 14.2.0 to 15.4.0. Follow the [official instructions](https://www.postgresql.org/docs/15/upgrading.html) to upgrade to 15.
-
-Accordingly,this major also updates the PostgreSQL subchart from Bitnami from 11.1.22 to 12.12.9.
+Please be aware that this major changes the version of the PostgreSQL dependency by Bitnami from 14.2.0 to 15.4.0 (subchart updated from version 11.1.22 to 12.12.9).
+The database upgrade for the subchart by Bitnami isn't supported.
 
 ## Post-Upgrade Configuration
 

charts/centralidp/README.md.gotmpl

@@ -65,12 +65,11 @@ Please have a look into changelog for a more detailed description.
 
 We also recommend checking out the [Keycloak Upgrading Guide](https://www.keycloak.org/docs/latest/upgrading/index.html)
 
-To be mentioned explicitly: this major adds 'production' mode with default value false and reverse 'proxy' mode with default value 'passthrough'.
+To be explicitly mentioned: this major adds the production mode with default value false and the reverse proxy mode with default value passthrough.
 Please check the description of those parameters and decide if they're suitable for you.
 
-This major version changes the PostgreSQL version from 14.2.0 to 15.4.0. Follow the [official instructions](https://www.postgresql.org/docs/15/upgrading.html) to upgrade to 15.
-
-Accordingly,this major also updates the PostgreSQL subchart from Bitnami from 11.1.22 to 12.12.9.
+Please be aware that this major changes the version of the PostgreSQL dependency by Bitnami from 14.2.0 to 15.4.0 (subchart updated from version 11.1.22 to 12.12.9).
+The database upgrade for the subchart by Bitnami isn't supported.
 
 ## Post-Upgrade Configuration
 

charts/centralidp/values.yaml

@@ -48,7 +48,7 @@ keycloak:
       mountPath: "/realms"
   initContainers:
     - name: import
-      image: tractusx/portal-iam:v1.2.0
+      image: tractusx/portal-iam:v2.0.0-alpha
       imagePullPolicy: Always
       command:
         - sh
@@ -174,7 +174,7 @@ seeding:
       mountPath: "app/realms"
   initContainers:
     - name: init-cx-central
-      image: tractusx/portal-iam:v1.2.0
+      image: tractusx/portal-iam:v2.0.0-alpha
       imagePullPolicy: Always
       command:
         - sh

charts/sharedidp/README.md

@@ -63,7 +63,7 @@ dependencies:
 | keycloak.extraVolumeMounts[2].name | string | `"realms"` |  |
 | keycloak.extraVolumeMounts[2].mountPath | string | `"/realms"` |  |
 | keycloak.initContainers[0].name | string | `"import"` |  |
-| keycloak.initContainers[0].image | string | `"tractusx/portal-iam:v1.2.0"` |  |
+| keycloak.initContainers[0].image | string | `"tractusx/portal-iam:v2.0.0-alpha"` |  |
 | keycloak.initContainers[0].imagePullPolicy | string | `"Always"` |  |
 | keycloak.initContainers[0].command[0] | string | `"sh"` |  |
 | keycloak.initContainers[0].args[0] | string | `"-c"` |  |
@@ -106,7 +106,6 @@ dependencies:
 | keycloak.externalDatabase.existingSecret | string | `"sharedidp-keycloak-external-db"` | Secret containing the password non-root username, (default 'kcshared'). |
 | keycloak.externalDatabase.existingSecretPasswordKey | string | `"password"` | Name of an existing secret key containing the database credentials. |
 | secrets.auth.existingSecret.adminpassword | string | `""` | Password for the admin username 'admin'. Secret-key 'admin-password'. |
-| secrets.auth.existingSecret.managementpassword | string | `""` | Password Wildfly management username 'manager'. Secret-key 'management-password'. |
 | secrets.postgresql.auth.existingSecret.postgrespassword | string | `""` | Password for the root username 'postgres'. Secret-key 'postgres-password'. |
 | secrets.postgresql.auth.existingSecret.password | string | `""` | Password for the non-root username 'kcshared'. Secret-key 'password'. |
 | secrets.postgresql.auth.existingSecret.replicationPassword | string | `""` | Password for the non-root username 'repl_user'. Secret-key 'replication-password'. |
@@ -147,9 +146,8 @@ Please have a look into changelog for a more detailed description.
 
 We also recommend checking out the [Keycloak Upgrading Guide](https://www.keycloak.org/docs/latest/upgrading/index.html)
 
-To be mentioned explicitly: this major adds 'production' mode with default value false and reverse 'proxy' mode with default value 'passthrough'.
+To be explicitly mentioned: this major adds the production mode with default value false and the reverse proxy mode with default value passthrough.
 Please check the description of those parameters and decide if they're suitable for you.
 
-This major version changes the PostgreSQL version from 14.2.0 to 15.4.0. Follow the [official instructions](https://www.postgresql.org/docs/15/upgrading.html) to upgrade to 15.
-
-Accordingly,this major also updates the PostgreSQL subchart from Bitnami from 11.1.22 to 12.12.9.
+Please be aware that this major changes the version of the PostgreSQL dependency by Bitnami from 14.2.0 to 15.4.0 (subchart updated from version 11.1.22 to 12.12.9).
+The database upgrade for the subchart by Bitnami isn't supported.

charts/sharedidp/README.md.gotmpl

@@ -71,9 +71,8 @@ Please have a look into changelog for a more detailed description.
 
 We also recommend checking out the [Keycloak Upgrading Guide](https://www.keycloak.org/docs/latest/upgrading/index.html)
 
-To be mentioned explicitly: this major adds 'production' mode with default value false and reverse 'proxy' mode with default value 'passthrough'.
+To be explicitly mentioned: this major adds the production mode with default value false and the reverse proxy mode with default value passthrough.
 Please check the description of those parameters and decide if they're suitable for you.
 
-This major version changes the PostgreSQL version from 14.2.0 to 15.4.0. Follow the [official instructions](https://www.postgresql.org/docs/15/upgrading.html) to upgrade to 15.
-
-Accordingly,this major also updates the PostgreSQL subchart from Bitnami from 11.1.22 to 12.12.9.
+Please be aware that this major changes the version of the PostgreSQL dependency by Bitnami from 14.2.0 to 15.4.0 (subchart updated from version 11.1.22 to 12.12.9).
+The database upgrade for the subchart by Bitnami isn't supported.

charts/sharedidp/values.yaml

@@ -52,7 +52,7 @@ keycloak:
       mountPath: "/realms"
   initContainers:
     - name: import
-      image: tractusx/portal-iam:v1.2.0
+      image: tractusx/portal-iam:v2.0.0-alpha
       imagePullPolicy: Always
       command:
         - sh

consortia/argocd-app-templates/centralidp/appsetup-beta.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/centralidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v1.2.0
+    targetRevision: v2.0.0-alpha
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/centralidp/appsetup-int.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/centralidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v1.2.0
+    targetRevision: v2.0.0-alpha
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/centralidp/appsetup-pen.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/centralidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v1.2.0
+    targetRevision: v2.0.0-alpha
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/centralidp/appsetup-rc.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/centralidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v1.2.0
+    targetRevision: v2.0.0-alpha
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/centralidp/appsetup-stable.yaml

@@ -37,7 +37,7 @@ spec:
             keycloak:
               initContainers:
                 - name: import
-                  image: tractusx/portal-iam-consortia:v1.2.0
+                  image: tractusx/portal-iam-consortia:v2.0.0-alpha
                   imagePullPolicy: Always
                   command:
                     - sh
@@ -83,7 +83,7 @@ spec:
               enabled: true
               initContainers:
                 - name: init-cx-central
-                  image: tractusx/portal-iam-consortia:v1.2.0
+                  image: tractusx/portal-iam-consortia:v2.0.0-alpha
                   imagePullPolicy: Always
                   command:
                     - sh

consortia/argocd-app-templates/centralidp/appsetup-templateconsortia.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/centralidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: pr23-consortia
+    targetRevision: v2.0.0-alpha
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/centralidp/appsetup-templategeneric.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/centralidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: fix/generic-template
+    targetRevision: v2.0.0-alpha
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/centralidp/appsetup-upgrade.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/centralidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: pr20-consortia
+    targetRevision: v2.0.0-alpha
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/sharedidp/appsetup-beta.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/sharedidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v1.2.0
+    targetRevision: v2.0.0-alpha
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/sharedidp/appsetup-int.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/sharedidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v1.2.0
+    targetRevision: v2.0.0-alpha
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/sharedidp/appsetup-pen.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/sharedidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v1.2.0
+    targetRevision: v2.0.0-alpha
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/sharedidp/appsetup-rc.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/sharedidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v1.2.0
+    targetRevision: v2.0.0-alpha
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/sharedidp/appsetup-stable.yaml

@@ -56,7 +56,7 @@ spec:
                   mountPath: "/secrets"
               initContainers:
                 - name: import
-                  image: tractusx/portal-iam-consortia:v1.2.0
+                  image: tractusx/portal-iam-consortia:v2.0.0-alpha
                   imagePullPolicy: Always
                   command:
                     - sh

consortia/environments/centralidp/values-beta.yaml

@@ -22,7 +22,7 @@ keycloak:
   proxy: edge
   initContainers:
     - name: import
-      image: tractusx/portal-iam-consortia:v1.2.0
+      image: tractusx/portal-iam-consortia:v2.0.0-alpha
       imagePullPolicy: Always
       command:
         - sh

consortia/environments/centralidp/values-int.yaml

@@ -22,7 +22,7 @@ keycloak:
   proxy: edge
   initContainers:
     - name: import
-      image: tractusx/portal-iam-consortia:v1.2.0
+      image: tractusx/portal-iam-consortia:v2.0.0-alpha
       imagePullPolicy: Always
       command:
         - sh

consortia/environments/centralidp/values-pen.yaml

@@ -22,7 +22,7 @@ keycloak:
   proxy: edge
   initContainers:
     - name: import
-      image: tractusx/portal-iam-consortia:v1.2.0
+      image: tractusx/portal-iam-consortia:v2.0.0-alpha
       imagePullPolicy: Always
       command:
         - sh

consortia/environments/centralidp/values-rc.yaml

@@ -22,7 +22,7 @@ keycloak:
   proxy: edge
   initContainers:
     - name: import
-      image: tractusx/portal-iam-consortia:v1.2.0
+      image: tractusx/portal-iam-consortia:v2.0.0-alpha
       imagePullPolicy: Always
       command:
         - sh

consortia/environments/centralidp/values-templateconsortia.yaml

@@ -22,7 +22,7 @@ keycloak:
   proxy: edge
   initContainers:
     - name: import
-      image: tractusx/portal-iam-consortia:pr23-consortia
+      image: tractusx/portal-iam-consortia:v2.0.0-alpha
       imagePullPolicy: Always
       command:
         - sh

consortia/environments/centralidp/values-templategeneric.yaml

@@ -22,7 +22,7 @@ keycloak:
   proxy: edge
   initContainers:
     - name: import
-      image: tractusx/portal-iam:v1.2.0
+      image: tractusx/portal-iam:v2.0.0-alpha
       imagePullPolicy: Always
       command:
         - sh

consortia/environments/centralidp/values-upgrade.yaml

@@ -22,7 +22,7 @@ keycloak:
   proxy: edge
   initContainers:
     - name: import
-      image: tractusx/portal-iam-consortia:pr20-consortia
+      image: tractusx/portal-iam-consortia:v2.0.0-alpha
       imagePullPolicy: Always
       command:
         - sh

consortia/environments/sharedidp/values-beta.yaml

@@ -41,7 +41,7 @@ keycloak:
       mountPath: "/secrets"
   initContainers:
     - name: import
-      image: tractusx/portal-iam-consortia:v1.2.0
+      image: tractusx/portal-iam-consortia:v2.0.0-alpha
       imagePullPolicy: Always
       command:
         - sh