projectsyn
diff --git a/‎class/defaults.yml
Lines changed: 2 additions & 2 deletions b/‎class/defaults.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/ingress.yaml
Lines changed: 1 addition & 1 deletion b/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/ingress.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml
Lines changed: 1 addition & 1 deletion b/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml
Lines changed: 1 addition & 1 deletion b/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml
Lines changed: 1 addition & 1 deletion b/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-http.yaml
Lines changed: 5 additions & 1 deletion b/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/service-http.yaml
Lines changed: 5 additions & 1 deletion
diff --git a/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml
Lines changed: 1 addition & 1 deletion b/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml
Lines changed: 1 addition & 1 deletion b/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
Lines changed: 1 addition & 1 deletion b/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml
Lines changed: 9 additions & 9 deletions b/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/networkpolicy.yaml
Lines changed: 9 additions & 9 deletions
diff --git a/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/pdb.yaml
Lines changed: 19 additions & 0 deletions b/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/pdb.yaml
Lines changed: 19 additions & 0 deletions
diff --git a/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml
Lines changed: 51 additions & 20 deletions b/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/statefulset.yaml
Lines changed: 51 additions & 20 deletions
diff --git a/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml
Lines changed: 3 additions & 4 deletions b/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc-headless.yaml
Lines changed: 3 additions & 4 deletions
diff --git a/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml
Lines changed: 2 additions & 2 deletions b/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/primary/svc.yaml
Lines changed: 2 additions & 2 deletions
diff --git a/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/serviceaccount.yaml
Lines changed: 12 additions & 0 deletions b/‎tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/postgresql/templates/serviceaccount.yaml
Lines changed: 12 additions & 0 deletions
diff --git a/‎tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/ingress.yaml
Lines changed: 1 addition & 1 deletion b/‎tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/ingress.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml
Lines changed: 1 addition & 1 deletion b/‎tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/networkpolicy.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml
Lines changed: 1 addition & 1 deletion b/‎tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/prometheusrule.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml
Lines changed: 1 addition & 1 deletion b/‎tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-headless.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-http.yaml
Lines changed: 5 additions & 1 deletion b/‎tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/service-http.yaml
Lines changed: 5 additions & 1 deletion
diff --git a/‎tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml
Lines changed: 1 addition & 1 deletion b/‎tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/serviceaccount.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml
Lines changed: 1 addition & 1 deletion b/‎tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/servicemonitor.yaml
Lines changed: 1 addition & 1 deletion
@@ -61,10 +61,10 @@ parameters:
     charts:
       keycloakx:
         source: https://codecentric.github.io/helm-charts
-        version: 2.5.1
+        version: 7.0.1
       postgresql:
         source: https://charts.bitnami.com/bitnami
-        version: 12.12.10
+        version: 16.6.6
     # FQDN should be overwritten on the cluster level
     fqdn: keycloak.example.com
     # Default path since Quarkus is "/" rather than "/auth"
 
@@ -11,7 +11,7 @@ metadata:
     app.kubernetes.io/managed-by: commodore
     app.kubernetes.io/name: keycloak
     app.kubernetes.io/version: 25.0.6
-    helm.sh/chart: keycloakx-2.5.1
+    helm.sh/chart: keycloakx-7.0.1
   name: keycloakx
   namespace: syn-builtin
 spec:
 
@@ -6,7 +6,7 @@ metadata:
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: keycloakx
     app.kubernetes.io/version: 25.0.6
-    helm.sh/chart: keycloakx-2.5.1
+    helm.sh/chart: keycloakx-7.0.1
   name: keycloakx
   namespace: syn-builtin
 spec:
 
@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/managed-by: commodore
     app.kubernetes.io/name: keycloak
     app.kubernetes.io/version: 25.0.6
-    helm.sh/chart: keycloakx-2.5.1
+    helm.sh/chart: keycloakx-7.0.1
   name: keycloakx
   namespace: syn-builtin
 spec:
 
@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: keycloakx
     app.kubernetes.io/version: 25.0.6
-    helm.sh/chart: keycloakx-2.5.1
+    helm.sh/chart: keycloakx-7.0.1
   name: keycloakx-headless
   namespace: syn-builtin
 spec:
 
@@ -7,11 +7,15 @@ metadata:
     app.kubernetes.io/managed-by: commodore
     app.kubernetes.io/name: keycloak
     app.kubernetes.io/version: 25.0.6
-    helm.sh/chart: keycloakx-2.5.1
+    helm.sh/chart: keycloakx-7.0.1
   name: keycloakx-http
   namespace: syn-builtin
 spec:
   ports:
+    - name: http-internal
+      port: 9000
+      protocol: TCP
+      targetPort: http-internal
     - name: http
       port: 8080
       protocol: TCP
 
@@ -9,6 +9,6 @@ metadata:
     app.kubernetes.io/managed-by: commodore
     app.kubernetes.io/name: keycloak
     app.kubernetes.io/version: 25.0.6
-    helm.sh/chart: keycloakx-2.5.1
+    helm.sh/chart: keycloakx-7.0.1
   name: keycloakx
   namespace: syn-builtin
@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/managed-by: commodore
     app.kubernetes.io/name: keycloak
     app.kubernetes.io/version: 25.0.6
-    helm.sh/chart: keycloakx-2.5.1
+    helm.sh/chart: keycloakx-7.0.1
   name: keycloakx-keycloakx
   namespace: syn-builtin
 spec:
 
@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/managed-by: commodore
     app.kubernetes.io/name: keycloak
     app.kubernetes.io/version: 25.0.6
-    helm.sh/chart: keycloakx-2.5.1
+    helm.sh/chart: keycloakx-7.0.1
   name: keycloakx
   namespace: syn-builtin
 spec:
 
@@ -6,21 +6,21 @@ metadata:
     app.kubernetes.io/instance: keycloak
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: postgresql
-    app.kubernetes.io/version: 15.4.0
-    helm.sh/chart: postgresql-12.12.10
-  name: keycloak-postgresql-ingress
+    app.kubernetes.io/version: 17.4.0
+    helm.sh/chart: postgresql-16.6.6
+  name: keycloak-postgresql
   namespace: syn-builtin
 spec:
+  egress:
+    - {}
   ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              app.kubernetes.io/instance: keycloakx
-              app.kubernetes.io/name: keycloakx
-      ports:
+    - ports:
         - port: 5432
   podSelector:
     matchLabels:
       app.kubernetes.io/component: primary
       app.kubernetes.io/instance: keycloak
       app.kubernetes.io/name: postgresql
+  policyTypes:
+    - Ingress
+    - Egress
@@ -0,0 +1,19 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    app.kubernetes.io/component: primary
+    app.kubernetes.io/instance: builtin
+    app.kubernetes.io/managed-by: commodore
+    app.kubernetes.io/name: keycloak
+    app.kubernetes.io/version: 17.4.0
+    helm.sh/chart: postgresql-16.6.6
+  name: keycloak-postgresql
+  namespace: syn-builtin
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: primary
+      app.kubernetes.io/instance: keycloak
+      app.kubernetes.io/name: postgresql
@@ -6,8 +6,8 @@ metadata:
     app.kubernetes.io/instance: builtin
     app.kubernetes.io/managed-by: commodore
     app.kubernetes.io/name: keycloak
-    app.kubernetes.io/version: 15.4.0
-    helm.sh/chart: postgresql-12.12.10
+    app.kubernetes.io/version: 17.4.0
+    helm.sh/chart: postgresql-16.6.6
   name: keycloak-postgresql
   namespace: syn-builtin
 spec:
@@ -29,8 +29,8 @@ spec:
         app.kubernetes.io/instance: keycloak
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: postgresql
-        app.kubernetes.io/version: 15.4.0
-        helm.sh/chart: postgresql-12.12.10
+        app.kubernetes.io/version: 17.4.0
+        helm.sh/chart: postgresql-16.6.6
       name: keycloak-postgresql
     spec:
       affinity:
@@ -46,6 +46,7 @@ spec:
                     app.kubernetes.io/name: postgresql
                 topologyKey: kubernetes.io/hostname
               weight: 1
+      automountServiceAccountToken: false
       containers:
         - env:
             - name: BITNAMI_DEBUG
@@ -58,16 +59,10 @@ spec:
               value: /bitnami/postgresql/data
             - name: POSTGRES_USER
               value: keycloak
-            - name: POSTGRES_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  key: password
-                  name: keycloak-postgresql
-            - name: POSTGRES_POSTGRES_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  key: postgres-password
-                  name: keycloak-postgresql
+            - name: POSTGRES_PASSWORD_FILE
+              value: /opt/bitnami/postgresql/secrets/password
+            - name: POSTGRES_POSTGRES_PASSWORD_FILE
+              value: /opt/bitnami/postgresql/secrets/postgres-password
             - name: POSTGRES_DATABASE
               value: keycloak
             - name: POSTGRESQL_ENABLE_LDAP
@@ -125,20 +120,38 @@ spec:
             successThreshold: 1
             timeoutSeconds: 5
           resources:
-            limits: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
             requests:
-              cpu: 250m
-              memory: 256Mi
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
               drop:
                 - ALL
+            privileged: false
+            readOnlyRootFilesystem: true
             runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
             seccompProfile:
               type: RuntimeDefault
           volumeMounts:
+            - mountPath: /tmp
+              name: empty-dir
+              subPath: tmp-dir
+            - mountPath: /opt/bitnami/postgresql/conf
+              name: empty-dir
+              subPath: app-conf-dir
+            - mountPath: /opt/bitnami/postgresql/tmp
+              name: empty-dir
+              subPath: app-tmp-dir
+            - mountPath: /opt/bitnami/postgresql/secrets/
+              name: postgresql-password
             - mountPath: /opt/bitnami/postgresql/certs
               name: postgresql-certificates
               readOnly: true
@@ -166,15 +179,25 @@ spec:
           imagePullPolicy: IfNotPresent
           name: init-chmod-data
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           securityContext:
             runAsGroup: 0
             runAsNonRoot: false
             runAsUser: 0
+            seLinuxOptions: {}
             seccompProfile:
               type: RuntimeDefault
           volumeMounts:
+            - mountPath: /tmp
+              name: empty-dir
+              subPath: tmp-dir
             - mountPath: /bitnami/postgresql
               name: data
             - mountPath: /dev/shm
@@ -185,8 +208,16 @@ spec:
               name: postgresql-certificates
       securityContext:
         fsGroup: 1001
-      serviceAccountName: default
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: keycloak-postgresql
       volumes:
+        - emptyDir: {}
+          name: empty-dir
+        - name: postgresql-password
+          secret:
+            secretName: keycloak-postgresql
         - name: raw-certificates
           secret:
             secretName: keycloak-postgresql-tls
 
@@ -1,15 +1,14 @@
 apiVersion: v1
 kind: Service
 metadata:
-  annotations:
-    service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
+  annotations: null
   labels:
     app.kubernetes.io/component: primary
     app.kubernetes.io/instance: keycloak
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: postgresql
-    app.kubernetes.io/version: 15.4.0
-    helm.sh/chart: postgresql-12.12.10
+    app.kubernetes.io/version: 17.4.0
+    helm.sh/chart: postgresql-16.6.6
   name: keycloak-postgresql-hl
   namespace: syn-builtin
 spec:
 
@@ -6,8 +6,8 @@ metadata:
     app.kubernetes.io/instance: keycloak
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: postgresql
-    app.kubernetes.io/version: 15.4.0
-    helm.sh/chart: postgresql-12.12.10
+    app.kubernetes.io/version: 17.4.0
+    helm.sh/chart: postgresql-16.6.6
   name: keycloak-postgresql
   namespace: syn-builtin
 spec:
 
@@ -0,0 +1,12 @@
+apiVersion: v1
+automountServiceAccountToken: false
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: keycloak
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/version: 17.4.0
+    helm.sh/chart: postgresql-16.6.6
+  name: keycloak-postgresql
+  namespace: syn-builtin
@@ -10,7 +10,7 @@ metadata:
     app.kubernetes.io/managed-by: commodore
     app.kubernetes.io/name: keycloak
     app.kubernetes.io/version: 25.0.6
-    helm.sh/chart: keycloakx-2.5.1
+    helm.sh/chart: keycloakx-7.0.1
   name: keycloakx
   namespace: syn-external
 spec:
 
@@ -6,7 +6,7 @@ metadata:
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: keycloakx
     app.kubernetes.io/version: 25.0.6
-    helm.sh/chart: keycloakx-2.5.1
+    helm.sh/chart: keycloakx-7.0.1
   name: keycloakx
   namespace: syn-external
 spec:
 
@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/managed-by: commodore
     app.kubernetes.io/name: keycloak
     app.kubernetes.io/version: 25.0.6
-    helm.sh/chart: keycloakx-2.5.1
+    helm.sh/chart: keycloakx-7.0.1
   name: keycloakx
   namespace: syn-external
 spec:
 
@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: keycloakx
     app.kubernetes.io/version: 25.0.6
-    helm.sh/chart: keycloakx-2.5.1
+    helm.sh/chart: keycloakx-7.0.1
   name: keycloakx-headless
   namespace: syn-external
 spec:
 
@@ -7,11 +7,15 @@ metadata:
     app.kubernetes.io/managed-by: commodore
     app.kubernetes.io/name: keycloak
     app.kubernetes.io/version: 25.0.6
-    helm.sh/chart: keycloakx-2.5.1
+    helm.sh/chart: keycloakx-7.0.1
   name: keycloakx-http
   namespace: syn-external
 spec:
   ports:
+    - name: http-internal
+      port: 9000
+      protocol: TCP
+      targetPort: http-internal
     - name: http
       port: 8080
       protocol: TCP
 
@@ -9,6 +9,6 @@ metadata:
     app.kubernetes.io/managed-by: commodore
     app.kubernetes.io/name: keycloak
     app.kubernetes.io/version: 25.0.6
-    helm.sh/chart: keycloakx-2.5.1
+    helm.sh/chart: keycloakx-7.0.1
   name: keycloakx
   namespace: syn-external
@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/managed-by: commodore
     app.kubernetes.io/name: keycloak
     app.kubernetes.io/version: 25.0.6
-    helm.sh/chart: keycloakx-2.5.1
+    helm.sh/chart: keycloakx-7.0.1
   name: keycloakx-keycloakx
   namespace: syn-external
 spec: