chore(chart-deps): update keycloak to version 7.1.9

apps.yaml

@@ -107,7 +107,7 @@ appsInfo:
     integration: App Platform has security best practices built in, and is designed for intrusion. Istio is used by App Platform as a service mesh to deliver mTLS enforcement for all traffic that is deemed compromisable, egress control to force teams to choose explicit egress endpoints, and advanced routing capabilities such as weight based load balancing (A/B or blue/green testing). Istio is part of the core of App Platform and can not be disabled.
   keycloak:
     title: Keycloak
-    appVersion: 26.5.3
+    appVersion: 26.5.5
     repo: https://github.com/keycloak/keycloak
     maintainers: Keycloak
     relatedLinks:

chart/chart-index/Chart.yaml

@@ -53,7 +53,7 @@ dependencies:
     repository: https://istio-release.storage.googleapis.com/charts
   - name: keycloakx
     alias: keycloak
-    version: 7.1.8
+    version: 7.1.9
     repository: https://codecentric.github.io/helm-charts
   - name: knative-operator
     version: v1.18.1

charts/keycloak/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 26.5.3
+appVersion: 26.5.5
 description: Keycloak.X - Open Source Identity and Access Management for Modern Applications
   and Services
 home: https://www.keycloak.org/
@@ -21,4 +21,4 @@ name: keycloakx
 sources:
 - https://github.com/codecentric/helm-charts
 - https://github.com/keycloak/keycloak/tree/main/quarkus/container
-version: 7.1.8
+version: 7.1.9

charts/keycloak/templates/httproute.yaml

@@ -0,0 +1,99 @@
+{{- $httpRoute := .Values.httpRoute -}}
+{{- if $httpRoute.enabled -}}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ include "keycloak.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "keycloak.labels" . | nindent 4 }}
+    {{- range $key, $value := $httpRoute.labels }}
+    {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
+    {{- end }}
+  {{- with $httpRoute.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  parentRefs:
+    {{- with $httpRoute.parentRefs }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with $httpRoute.hostnames }}
+  hostnames:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  rules:
+    {{- range $httpRoute.rules }}
+    {{- with .matches }}
+    - matches:
+      {{- range . }}
+      {{- if .path }}
+        - path:
+            type: {{ .path.type }}
+            value: {{ tpl .path.value $ }}
+        {{- end }}
+      {{- else }}
+      {{ . | toYaml | nindent 8 }}
+      {{- end }}
+      {{- end }}
+    {{- with .filters }}
+      filters:
+      {{- toYaml . | nindent 8 }}
+    {{- end }}
+      backendRefs:
+        - name: {{ include "keycloak.fullname" $ }}-http
+          port: {{ $httpRoute.servicePort }}
+    {{- end }}
+{{- end }}
+---
+{{- if $httpRoute.console.enabled -}}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ include "keycloak.fullname" . }}-console
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "keycloak.labels" . | nindent 4 }}
+    {{- range $key, $value := $httpRoute.labels }}
+    {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
+    {{- end }}
+    {{- range $key, $value := $httpRoute.console.labels }}
+    {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
+    {{- end }}
+  {{- with $httpRoute.console.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  parentRefs:
+      {{- with pluck "parentRefs" $httpRoute.console $httpRoute | first }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with pluck "hostnames" $httpRoute.console $httpRoute | first }}
+  hostnames:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  rules:
+    {{- range $httpRoute.console.rules }}
+    {{- with .matches }}
+    - matches:
+      {{- range . }}
+      {{- if .path }}
+        - path:
+            type: {{ .path.type }}
+            value: {{ tpl .path.value $ }}
+        {{- end }}
+      {{- else }}
+      {{ . | toYaml | nindent 8 }}
+      {{- end }}
+      {{- end }}
+    {{- with .filters }}
+      filters:
+      {{- toYaml . | nindent 8 }}
+    {{- end }}
+      backendRefs:
+        - name: {{ include "keycloak.fullname" $ }}-http
+          port: {{ $httpRoute.servicePort }}
+    {{- end }}
+{{- end }}

charts/keycloak/values.schema.json

@@ -5,6 +5,63 @@
     "image"
   ],
   "definitions": {
+    "httpRoute": {
+      "type": "object",
+      "properties": {
+        "annotations": {
+          "type": "object"
+        },
+        "enabled": {
+          "type": "boolean"
+        },
+        "labels": {
+          "type": "object"
+        },
+        "parentRefs": {
+          "type": "array",
+          "items": {
+            "properties": {
+              "name": {
+                "type": "string"
+              },
+              "sectionName": {
+                "type": "string"
+              }
+            }
+          }
+        },
+        "hostnames": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "rules": {
+          "type": "array",
+          "items": {
+            "$comment": "don't allow additionalProperties to make sure backendRefs isn't set by the user",
+            "additionalProperties": false,
+            "properties": {
+              "matches": {
+                "type": "array",
+                "items": {
+                  "$comment": "don't allow additionalProperties, only path matcher supported",
+                  "additionalProperties": false,
+                  "properties": {
+                    "path": {
+                      "type": "object"
+                    }
+                  }
+                }
+              },
+              "filters": {
+                "type": "array"
+              }
+            }
+          }
+        }
+      }
+    },
     "image": {
       "type": "object",
       "required": [
@@ -90,6 +147,22 @@
       "internalPort": "string",
       "internalScheme": "string"
     },
+    "httpRoute": {
+      "allOf": [
+        { "$ref": "#/definitions/httpRoute" },
+        {
+          "type": "object",
+          "properties": {
+            "servicePort": {
+              "type": "integer"
+            },
+            "console": {
+              "$ref": "#/definitions/httpRoute"
+            }
+          }
+        }
+      ]
+    },
     "image": {
       "$ref": "#/definitions/image"
     },

charts/keycloak/values.yaml

@@ -11,7 +11,7 @@ image:
   # The Keycloak image repository
   repository: quay.io/keycloak/keycloak
   # Overrides the Keycloak image tag whose default is the chart appVersion
-  tag: "26.5.3"
+  tag: "26.5.5"
   # Overrides the Keycloak image tag with a specific digest
   digest: ""
   # The Keycloak image pull policy
@@ -280,6 +280,56 @@ serviceHeadless:
   # Add additional ports to the headless service, e. g. for admin console or exposing JGroups ports
   extraPorts: []
 
+# -- Expose the service via gateway-api HTTPRoute
+# Requires Gateway API resources and suitable controller installed within the cluster
+# (see: https://gateway-api.sigs.k8s.io/guides/)
+httpRoute:
+  # HTTPRoute enabled.
+  enabled: false
+  # Additional HTTPRoute labels
+  labels: {}
+  # HTTPRoute annotations.
+  annotations: {}
+  # The Service port targeted by the HTTPRoute, MUST BE AN NUMBER
+  servicePort: 80
+  # Which Gateways this Route is attached to.
+  parentRefs:
+    - name: gateway
+      sectionName: http
+    # namespace: default
+  # Hostnames matching HTTP header.
+  hostnames:
+    - chart-example.local
+  # List of rules and filters applied.
+  rules:
+    - matches:
+      - path:
+          type: PathPrefix
+          value: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/'
+
+  # HTTPRoute for console only (/auth/admin)
+  console:
+    # If `true`, an HTTPRoute is created for console path only
+    enabled: false
+    # Additional HTTPRoute labels
+    labels: {}
+    # HTTPRoute annotations.
+    annotations: {}
+    # Which Gateways this Route is attached to.
+    parentRefs:
+      - name: gateway
+        sectionName: http
+      # namespace: default
+    # Hostnames matching HTTP header.
+    hostnames:
+      - chart-example.local
+    # List of rules and filters applied.
+    rules:
+      - matches:
+        - path:
+            type: PathPrefix
+            value: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/admin'
+
 ingress:
   # If `true`, an Ingress is created
   enabled: false