Large files in the keycloak chart cause Helm Secret size to exceed 1MiB
When attempting to import a 100 KiB realm file using a secret added to the Keycloak Helm chart, we encountered the following error:
Helm upgrade failed for release keycloak/keycloak with chart keycloak@2.5.1-bb.0:
create: failed to create: Secret "sh.helm.release.v1.keycloak.v3" is invalid:
data: Too long: must have at most 1048576 bytesWhen examining the state of the prior Helmrelease version, the existing data was already very close to the Secret size limit:
$ k get secret -n bigbang sh.helm.release.v1.keycloak.v2 -oyaml | yq '.data.release' | base64 -d > sh.helm.release.v1.keycloak.v2.yaml
$ ls -l sh.helm.release.v1.keycloak.v2.yaml
-rw-------. 1 root root 997160 Nov 1 14:15 sh.helm.release.keycloak.yamlAttempting to inspect the contents of the Secret reveals that it needs to be base64-decoded again and then gunzipped, resulting in the following:
$ base64 -d sh.helm.release.v1.keycloak.v2.yaml | gunzip > sh.helm.release.v1.keycloak.v2-unzipped.yaml
$ ls -l
-rw-------. 1 root root 1822118 Nov 1 14:37 sh.helm.release.v1.keycloak.v2-unzipped.yaml
-rw-------. 1 root root 997160 Nov 1 14:22 sh.helm.release.v1.keycloak.v2.yamlThe resulting data is in JSON format, with the following top-level keys and sizes:
$ yq 'keys()' sh.helm.release.v1.keycloak.v2-unzipped.yaml
- "name"
- "info"
- "chart"
- "config"
- "manifest"
- "version"
- "namespace"
$ yq '.name' sh.helm.release.v1.keycloak.v2-unzipped.yaml | wc -c
9
$ yq '.info' sh.helm.release.v1.keycloak.v2-unzipped.yaml | wc -c
937
$ yq '.chart' sh.helm.release.v1.keycloak.v2-unzipped.yaml | wc -c
1554589
$ yq '.config' sh.helm.release.v1.keycloak.v2-unzipped.yaml | wc -c
4307
$ yq '.manifest' sh.helm.release.v1.keycloak.v2-unzipped.yaml | wc -c
262641
$ yq '.version' sh.helm.release.v1.keycloak.v2-unzipped.yaml | wc -c
2
$ yq '.namespace' sh.helm.release.v1.keycloak.v2-unzipped.yaml | wc -c
9As shown, the full contents of the Helm chart are stored in the Secret (so that Helm can calculate the differences between different Helm revisions), bloating the size of the Secret significantly.