Create Keycloak Package consistent with P1 standards

Package:

• Do you have a 'main' branch that is default and protected?
• Are all other branches merged or deleted? For master and dev branches, tag the branch commit before deleting the branch so we can retrieve it if necessary. Exception: branches labeled release
• Does the repo contain only the following directories: chart, docs, tests? All other directories should be deleted.
• Is there a CODEOWNERS file containing some code owners?
• Is there a CHANGELOG.md file with initial changes?
• Is there a README.md file documenting basic use?
• Is there a CONTRIBUTING.md file outlining how a new person can contribute?
• Is there a .gitlab-ci.yml pipeline setup pointing to a pipeline template?
• Is there a tests/test-values.yaml file setup to provide default values for the pipeline? This must include image pull secret references.
• Is there a chart/Kptfile that points to the upstream chart used in the repo? Exception: Not needed if upstream chart is not used.
• Does the upstream chart version deploy the application version used in Iron Bank (or as close as possible)? This will help avoid incompatible configuration settings.
• Have you run helm dep up and added all .tgz file depedencies in chart/charts to the repo?
• Have you updated chart/requirements.yaml or chart/Chart.yaml to point to the file://./charts/.tgz dependencies?
• If the chart has a web interface, have you added a VirtualService using hostname that is conditionally added if istio.enabled is true? Verify this works using the web address.
• If the chart integrates with Prometheus monitoring, have you added a Service and ServiceMonitor that are conditionally added if monitoring.enabled is true? Verify this using Prometheus to check targets.
• Does your package have resource requests and limits set and equal to each other?
• Do you have a tag on your main branch for the Big Bang release version of the package?
• Have all of your images been updated to pull from registry1.dso.mil. Exception: If there is no Iron Bank image, are you pulling from registry.dso.mil?
• If the package supports SSO, have you integrated SSO settings? Needs clarification
• If the package requires a database, have you integrated external database settings? Needs clarification
• If the package requires storage, have you ingegrated external storage (e.g. MinIO) settings? Needs clarification
• Are all secrets and certificates removed from the repo? All secrets should be references or randomly generated during deployment.
• add network policy to restrict access
• package has support for pod affinity and anti-affinity

added to epic &37 (closed)

changed the description

changed title from Create Keycloak Package to Create Keycloak Package consistent with P1 standards

added keycloak priority4 + 1 deleted label

added Affinity/AntiAffinity label

removed Affinity/AntiAffinity label

added Big Bang Add-Ons label

set weight to 5

Hey there, I'm on the FENCES team and I have been working this effort for a few days now.

I have a WIP helm chart for Keycloak (based on the codecentric helm chart), branching off of the public-release branch.

I also have a WIP update to bigbang and the bigbang template which wires in keycloak and it's associated configuration.

I tried pushing these branches to both the Keycloak and bigbang projects today, but it looks like I don't have access. I would be happy to push what I have once I have access.

assigned to @jwomear

@jwomear - I added you to keycloak repository. You already have "developer" permissions for bigbang repo.

changed milestone to %1.5.0

changed iteration to Big Bang Iterations Mar 30, 2021 - Apr 5, 2021

assigned to @kevin.wilder

@jwomear - can you meet with me? I have been assigned to help with Keycloak and keep it moving.

added statusdoing label and removed 1 deleted label

@kevin.wilder I sure can. I sent you a chat.

upstream chart current release tag is "keycloak-10.1.0"
https://github.com/codecentric/helm-charts/tree/keycloak-10.1.0/charts/keycloak
corresponds to app version 12.0.4

Latest app version available in IronBank is 12.0.4
https://registry1.dso.mil/harbor/projects/3/repositories/opensource%2Fkeycloak%2Fkeycloak

Good we are in sync.

KPT command
kpt pkg get https://github.com/codecentric/helm-charts.git/charts/keycloak@keycloak-10.1.0 chart

assigned to @michaelmcleroy

building the new docker image with app version 12.0.4 from repo directory development/

docker build -t registry.dso.mil/platform-one/big-bang/apps/security-tools/keycloak/keycloak-ib-p1:12.0.4 .

docker push registry.dso.mil/platform-one/big-bang/apps/security-tools/keycloak/keycloak-ib-p1:12.0.4