Resolve "Keycloak needs an HA test"
General MR
Summary
- Added test to verify High Availability is functioning as expected
- Removed legacy code for non native istio sidecars
- Updated logic for default peer authentication
- Removed imagePullSecrets from import-values in chart.yaml
- Updated Gluon and Keycloak helm chart dependencies
- Removed unnecessary network policies
Relevant logs/screenshots
Verified test passed and that successful traffic could be seen in istio-proxy on both the test pod and on the keycloak pod:
helm test keycloak -n bigbang
[2025-09-16T00:06:38.806Z] "- - -" 0 - - - "-" 19 0 1541 - "-" "-" "-" "-" "10.42.2.26:7800" outbound|7800||keycloak-keycloak-headless.keycloak.svc.cluster.local; 10.42.2.30:48794 10.42.2.26:7800 10.42.2.30:48780 - - traceID=-
Verified default cache stack is now set to jdbc_ping:
kubectl describe sts keycloak -n keycloak | grep KC_CACHE_STACK
KC_CACHE_STACK: jdbc-ping
Verified post renderers are no longer needed and validated same changes are in place (used keycloak-update
bb branch):
kubectl get svc keycloak-keycloak-headless -n keycloak
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
keycloak-keycloak-headless ClusterIP None <none> 80/TCP,7800/TCP,57800/TCP 22m
kubectl get servicemonitor -n keycloak -o yaml | grep insecureSkipVerify
insecureSkipVerify: true
Linked Issue
Upgrade Notices
N/A
Closes #247 (closed)
Edited by Jimmy Bourque