feat!: upgrade to keycloak version 25

README.md

@@ -4,7 +4,7 @@
 
 This repository contains the reference configuration to deploy the Catena-X (CX) specific Keycloak instances.
 
-The instances depend on the [helm chart from Bitnami](https://artifacthub.io/packages/helm/bitnami/keycloak) (chart version 19.3.0, app version 23.0.7).
+The instances depend on the [helm chart from Bitnami](https://artifacthub.io/packages/helm/bitnami/keycloak) (chart version 23.0.0, app version 25.0.6).
 
 The repository is split up in:
 

charts/centralidp/Chart.yaml

@@ -21,12 +21,12 @@ apiVersion: v2
 name: centralidp
 type: application
 version: 4.0.0-alpha.2
-appVersion: 23.0.7
+appVersion: 25.0.6
 description: Helm chart for Central Keycloak Instance
 home: https://github.com/eclipse-tractusx/portal-iam
 sources:
   - https://github.com/eclipse-tractusx/portal-iam
 dependencies:
   - name: keycloak
     repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
-    version: 19.3.0
+    version: 23.0.0

charts/centralidp/README.md

@@ -1,6 +1,6 @@
 # Helm chart for Central Keycloak Instance
 
-![Version: 4.0.0-alpha.2](https://img.shields.io/badge/Version-4.0.0--alpha.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.0.7](https://img.shields.io/badge/AppVersion-23.0.7-informational?style=flat-square)
+![Version: 4.0.0-alpha.2](https://img.shields.io/badge/Version-4.0.0--alpha.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 25.0.6](https://img.shields.io/badge/AppVersion-25.0.6-informational?style=flat-square)
 
 This helm chart installs the Helm chart for Central Keycloak Instance.
 
@@ -36,7 +36,7 @@ dependencies:
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami | keycloak | 19.3.0 |
+| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami | keycloak | 23.0.0 |
 
 ## Values
 
@@ -46,7 +46,6 @@ dependencies:
 | keycloak.auth.adminPassword | string | `""` | centralidp Keycloak administrator password. |
 | keycloak.auth.existingSecret | string | `""` | Secret containing the password for admin username 'admin'. |
 | keycloak.production | bool | `false` | Run Keycloak in production mode. TLS configuration is required except when using proxy=edge. |
-| keycloak.proxy | string | `"passthrough"` | reverse Proxy mode edge, reencrypt, passthrough or none; ref: https://www.keycloak.org/server/reverseproxy; If your ingress controller has the SSL Termination, you should set proxy to edge. |
 | keycloak.httpRelativePath | string | `"/auth/"` | Setting the path relative to '/' for serving resources: as we're migrating from 16.1.1 version which was using the trailing 'auth', we're setting it to '/auth/'. ref: https://www.keycloak.org/migration/migrating-to-quarkus#_default_context_path_changed |
 | keycloak.replicaCount | int | `1` |  |
 | keycloak.extraVolumes[0].name | string | `"themes"` |  |
@@ -111,7 +110,8 @@ Please see notes at [Values.seeding](values.yaml#L153) for upgrading the configu
 
 ### To 4.0.0
 
-Documentation is WIP.
+This major changes from the Keycloak version from  23.0.7 to 25.0.6.
+No major issues are expected during the upgrade. Nonetheless, a blue-green deployment approach - [as outlined for previous major version upgrades](#upgrade-approach) -  is recommended.
 
 ### To 3.0.1
 

charts/centralidp/README.md.gotmpl

@@ -44,7 +44,8 @@ Please see notes at [Values.seeding](values.yaml#L153) for upgrading the configu
 
 ### To 4.0.0
 
-Documentation is WIP.
+This major changes from the Keycloak version from  23.0.7 to 25.0.6.
+No major issues are expected during the upgrade. Nonetheless, a blue-green deployment approach - [as outlined for previous major version upgrades](#upgrade-approach) -  is recommended.
 
 ### To 3.0.1
 

charts/centralidp/values.yaml

@@ -26,10 +26,6 @@ keycloak:
     existingSecret: ""
   # -- Run Keycloak in production mode. TLS configuration is required except when using proxy=edge.
   production: false
-  # -- reverse Proxy mode edge, reencrypt, passthrough or none;
-  # ref: https://www.keycloak.org/server/reverseproxy;
-  # If your ingress controller has the SSL Termination, you should set proxy to edge.
-  proxy: passthrough
   # -- Setting the path relative to '/' for serving resources:
   # as we're migrating from 16.1.1 version which was using the trailing 'auth', we're setting it to '/auth/'.
   # ref: https://www.keycloak.org/migration/migrating-to-quarkus#_default_context_path_changed

charts/sharedidp/Chart.yaml

@@ -21,12 +21,12 @@ apiVersion: v2
 name: sharedidp
 type: application
 version: 4.0.0-alpha.1
-appVersion: 23.0.7
+appVersion: 25.0.6
 description: Helm chart for Shared Keycloak Instance
 home: https://github.com/eclipse-tractusx/portal-iam
 sources:
   - https://github.com/eclipse-tractusx/portal-iam
 dependencies:
   - name: keycloak
     repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
-    version: 19.3.0
+    version: 23.0.0

charts/sharedidp/README.md

@@ -1,6 +1,6 @@
 # Helm chart for Shared Keycloak Instance
 
-![Version: 4.0.0-alpha.1](https://img.shields.io/badge/Version-4.0.0--alpha.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.0.7](https://img.shields.io/badge/AppVersion-23.0.7-informational?style=flat-square)
+![Version: 4.0.0-alpha.1](https://img.shields.io/badge/Version-4.0.0--alpha.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 25.0.6](https://img.shields.io/badge/AppVersion-25.0.6-informational?style=flat-square)
 
 This helm chart installs the Helm chart for Shared Keycloak Instance.
 
@@ -36,7 +36,7 @@ dependencies:
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami | keycloak | 19.3.0 |
+| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami | keycloak | 23.0.0 |
 
 ## Values
 
@@ -46,7 +46,6 @@ dependencies:
 | keycloak.auth.adminPassword | string | `""` | sharedidp Keycloak administrator password. |
 | keycloak.auth.existingSecret | string | `""` | Secret containing the password for admin username 'admin'. |
 | keycloak.production | bool | `false` | Run Keycloak in production mode. TLS configuration is required except when using proxy=edge. |
-| keycloak.proxy | string | `"passthrough"` | reverse Proxy mode edge, reencrypt, passthrough or none; ref: https://www.keycloak.org/server/reverseproxy; If your ingress controller has the SSL Termination, you should set proxy to edge. |
 | keycloak.httpRelativePath | string | `"/auth/"` | Setting the path relative to '/' for serving resources: as we're migrating from 16.1.1 version which was using the trailing 'auth', we're setting it to '/auth/'. ref: https://www.keycloak.org/migration/migrating-to-quarkus#_default_context_path_changed |
 | keycloak.replicaCount | int | `1` |  |
 | keycloak.extraVolumes[0].name | string | `"themes-catenax-shared"` |  |
@@ -118,7 +117,8 @@ Autogenerated with [helm docs](https://github.com/norwoodj/helm-docs)
 
 ### To 4.0.0
 
-Documentation is WIP.
+This major changes from the Keycloak version from  23.0.7 to 25.0.6.
+No major issues are expected during the upgrade. Nonetheless, a blue-green deployment approach - [as outlined for previous major version upgrades](#upgrade-approach) -  is recommended.
 
 ### To 3.0.1
 

charts/sharedidp/README.md.gotmpl

@@ -42,7 +42,8 @@ Autogenerated with [helm docs](https://github.com/norwoodj/helm-docs)
 
 ### To 4.0.0
 
-Documentation is WIP.
+This major changes from the Keycloak version from  23.0.7 to 25.0.6.
+No major issues are expected during the upgrade. Nonetheless, a blue-green deployment approach - [as outlined for previous major version upgrades](#upgrade-approach) -  is recommended.
 
 ### To 3.0.1
 

charts/sharedidp/templates/job-seeding.yaml

@@ -126,6 +126,8 @@ spec:
               secretKeyRef:
                 name: "{{ template "sharedidp.secret.realmSeeding.cxOperator" . }}"
                 key: "initial-user-password"
+          - name: "KEYCLOAKSEEDING__REALMS__0__USERS__0__REALMROLES__0"
+            value: "default-roles-cx-operator"
 
           #############################
           ## CX-OPERATOR MAIL CONFIG

charts/sharedidp/values.yaml

@@ -26,10 +26,6 @@ keycloak:
     existingSecret: ""
   # -- Run Keycloak in production mode. TLS configuration is required except when using proxy=edge.
   production: false
-  # -- reverse Proxy mode edge, reencrypt, passthrough or none;
-  # ref: https://www.keycloak.org/server/reverseproxy;
-  # If your ingress controller has the SSL Termination, you should set proxy to edge.
-  proxy: passthrough
   # -- Setting the path relative to '/' for serving resources:
   # as we're migrating from 16.1.1 version which was using the trailing 'auth', we're setting it to '/auth/'.
   # ref: https://www.keycloak.org/migration/migrating-to-quarkus#_default_context_path_changed

environments/helm-values/centralidp/values-int.yaml

@@ -19,7 +19,6 @@
 
 keycloak:
   production: true
-  proxy: edge
   auth:
     adminPassword: "<path:portal/data/int/iam/centralidp-keycloak#admin-password>"
   ingress:

environments/helm-values/centralidp/values-stable.yaml

@@ -19,7 +19,6 @@
 
 keycloak:
   production: true
-  proxy: edge
   auth:
     adminPassword: "<path:portal/data/stable/iam/centralidp-keycloak#admin-password>"
   ingress: