chore: replace bitnami dependencies #553

Merged: vincentchalamon merged 5 commits into 4.3 from chore/bitnami on Mar 16, 2026

@vincentchalamon vincentchalamon commented Nov 3, 2025

  • replace bitnami/postgresql
  • replace bitnami/keycloak
  • replace bitnami/external-dns

@vincentchalamon: This comment was marked as outdated.

@vincentchalamon vincentchalamon removed the deploy Deploys Pull Request label Feb 5, 2026
@vincentchalamon vincentchalamon marked this pull request as ready for review March 16, 2026 13:24
@vincentchalamon vincentchalamon added the deploy Deploys Pull Request label Mar 16, 2026
@vincentchalamon vincentchalamon changed the base branch from 4.2 to 4.3 March 16, 2026 13:29
vincentchalamon and others added 2 commits March 16, 2026 14:29
* chore: replace bitnami/postgresql with custom template

# Conflicts:
#	helm/api-platform/Chart.lock
#	helm/api-platform/Chart.yaml

* chore: replace bitnami/keycloak with custom template

* Initial plan

* fix: replace bitnami/external-dns and fix Helm template issues

Co-authored-by: vincentchalamon <407859+vincentchalamon@users.noreply.github.com>

* fix: resolve Helm chart YAML parsing issues

Co-authored-by: vincentchalamon <407859+vincentchalamon@users.noreply.github.com>

* fix: correct PostgreSQL sidecar container probes and port protocol

Co-authored-by: vincentchalamon <407859+vincentchalamon@users.noreply.github.com>

* fix: fix deploy

* fix: fix by @claude

* fix: fix Keycloak deployment crash and E2E login selector

- Add missing 'start' subcommand to Keycloak args (kc.sh requires it)
- Replace CNPG PostgreSQL image with standalone postgres:16-alpine for sidecar
- Fix E2E password selector for Keycloak 26.4 (getByRole instead of getByLabel)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: fix Keycloak startup crash on empty admin password and config mismatch

- Guard KC_BOOTSTRAP_ADMIN_* env vars on non-empty adminPassword to prevent
  crash when keycloak-admin-password secret is not set in PR environments
- Add --optimized flag to skip rebuild check on every start
- Add build-time options to Dockerfile (--db, --http-relative-path,
  --health-enabled, --metrics-enabled) to match runtime config
- Remove redundant build-time env vars from deployment template

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: copy provider JAR before kc.sh build to avoid --optimized startup failure

Keycloak with --optimized checks that no provider JARs changed after the build.
The JAR was copied after the build step, making its timestamp newer than the build
artifacts and causing Keycloak to refuse startup.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: replace Bitnami KC_PRODUCTION with correct Keycloak HTTP/proxy env vars

KC_PRODUCTION=true is a Bitnami-specific env var ignored by the official image.
Keycloak start (production mode) requires TLS or http-enabled=true.
Since TLS is terminated at the nginx ingress, enable HTTP and configure the
proxy headers to trust X-Forwarded-* headers from the ingress.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: use httpRelativePath prefix for Keycloak health probes on management port

The --http-relative-path build option also affects the management interface (port 9000).
Health endpoints are at /<relative-path>/health/* not /health/*.
Confirmed: /oidc/health/started returns 200, /health/started returns 404.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: enable nginx SSL redirect for HTTP→HTTPS 301

The k6 post-deploy check verifies that http:// redirects to https:// with a 301.
ssl-redirect was set to false, preventing nginx from issuing the redirect.
cert-manager provisions a valid TLS certificate on GKE so the redirect is safe.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore: configure Claude Code

* fix: update k6 check to accept nginx 308 redirect and location without trailing slash

nginx-ingress uses 308 (not 301) for ssl-redirect to preserve HTTP method.
The Location header for root path omits the trailing slash.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Vincent Chalamon <407859+vincentchalamon@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Comment thread helm/api-platform/templates/secrets.yaml Outdated
Comment thread compose.prod.yaml Outdated
- Fix serverVersion in database-url secret: use 16 to match values.yaml
- Remove KC_PRODUCTION from compose.prod.yaml (not a valid Keycloak env var)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove values.yaml keys that were consumed by bitnami/keycloak and
bitnami/postgresql Helm charts but are never read by the custom templates:
- postgresPassword (superuser password, unused by CloudNative PG and postgres sidecar)
- keycloak.proxy (hardcoded as KC_PROXY_HEADERS in keycloak-deployment.yaml)
- keycloak.tls (not wired in the custom template)
- keycloak.startupProbe / readinessProbe / livenessProbe (hardcoded in template)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@vincentchalamon vincentchalamon merged commit 1df6277 into 4.3 Mar 16, 2026
10 of 11 checks passed
@vincentchalamon vincentchalamon deleted the chore/bitnami branch March 16, 2026 15:46
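
The HTTP→HTTPS redirect check discussed in the k6 commit messages above (301 versus 308, Location without a trailing slash), as an added JavaScript example that is not the project's k6 script. `checkHttpsRedirect`, `stripTrailingSlash` and the `demo.example.test` host are hypothetical names constructed for illustration; the function also rejects a redirect that changes host or stays on plain HTTP.

```javascript
// Added example, not the project's k6 check. All names and sample values are constructed.
const REDIRECT_STATUSES = new Set([301, 308]); // 308 preserves the HTTP method

// "/docs/" and "/docs" are treated as the same path; "/" is left alone.
function stripTrailingSlash(path) {
  return path.length > 1 && path.endsWith('/') ? path.slice(0, -1) : path;
}

// Returns { ok, problems } for one observed response to a plain-HTTP request.
function checkHttpsRedirect(requestUrl, status, locationHeader) {
  const problems = [];
  if (!REDIRECT_STATUSES.has(status)) {
    problems.push(`status ${status} is not a permanent redirect (301/308)`);
  }
  if (!locationHeader) {
    problems.push('missing Location header');
    return { ok: false, problems };
  }
  const requested = new URL(requestUrl);
  let target;
  try {
    // Resolving against the request URL handles relative Location values.
    target = new URL(locationHeader, requestUrl);
  } catch {
    problems.push('Location is not a valid URL');
    return { ok: false, problems };
  }
  if (target.protocol !== 'https:') {
    problems.push(`Location scheme is ${target.protocol}`);
  }
  if (target.hostname !== requested.hostname) {
    problems.push(`Location host changed to ${target.hostname}`);
  }
  // URL parsing normalises "https://host" to path "/", so a root Location
  // without a trailing slash compares equal to the requested "/".
  if (stripTrailingSlash(target.pathname) !== stripTrailingSlash(requested.pathname)) {
    problems.push(`Location path changed to ${target.pathname}`);
  }
  return { ok: problems.length === 0, problems };
}
```

Comparing parsed URLs rather than raw strings is what makes the check tolerant of the missing trailing slash while still failing on a scheme or host change.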
Labels

deploy Deploys Pull Request

2 participants